grsecurity - Network

It's now available!

It's now available!

We expect our 6.13 #grsecurity beta to be available within the next two weeks.

We expect our 6.13 #grsecurity beta to be available within the next two weeks.

https://github.com/google/security-research/security/advisories/GHSA-4xq7-4mgh-gp6w

https://github.com/google/security-research/security/advisories/GHSA-4xq7-4mgh-gp6w

Our 6.12 #grsecurity beta is now available to beta testers for testing

Our 6.12 #grsecurity beta is now available to beta testers for testing

Slides for @wipawel's H2HC presentation this month on the TLB are now available on https://grsecurity.net/papers If you've never...

Slides for @wipawel's H2HC presentation this month on the TLB are now available on https://grsecurity.net/papers
If you've never heard of "paging-structure caches" before, check it out!

We need to post a correction to yesterday's eBPF performance numbers:@minipli wasn't happy with just a 30x speedup and took a look...

We need to post a correction to yesterday's eBPF performance numbers:

@minipli wasn't happy with just a 30x speedup and took a look at one final bottleneck that was bothering him.

The speedup over vanilla is now 747x 🤯 (5.27s vs 1h5m40s)

If you're curious, we also fixed the failing vanilla testcases, without which the speedup would have appeared even larger than 30x....

If you're curious, we also fixed the failing vanilla testcases, without which the speedup would have appeared even larger than 30x. Every grsecurity option really means every single one, including RAP, PRIVATE_KSTACKS, KERNEXEC, UDEREF, AUTOSLAB, KERNSEAL, etc.

Performance isn't the enemy of security: we care about both. Today's patches finish off a set of security/performance improvements...

Performance isn't the enemy of security: we care about both. Today's patches finish off a set of security/performance improvements to eBPF. Below we show a ~30x speedup vs vanilla in running the eBPF selftests with every single #grsecurity option enabled!

In combination with the research published yesterday by ETHZ into IBPB implementation vulnerabilities on some Intel and AMD CPUs...

In combination with the research published yesterday by ETHZ into IBPB implementation vulnerabilities on some Intel and AMD CPUs (https://comsec.ethz.ch/research/microarch/breaking-the-barrier/), Johannes Wikner has published a detailed walkthrough of the first cross-process Spectre exploit against a real target, an attack he developed in part during his internship with us last year.

Check it out here: https://grsecurity.net/cross_process_spectre_exploitation

A new version of paxctld (1.2.6) is now available for download!

A new version of paxctld (1.2.6) is now available for download!

In light of the OpenSSH RCE advisory published today by Qualys:...

In light of the OpenSSH RCE advisory published today by Qualys: https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server, where it references our March blog while discussing ASLR weaknesses being key to feasible modern i386 exploitation, here it is again in case you missed it: https://infosec.exchange/@grsecurity/112038132238817006

In this blog, we dive deep into how the automation employed by the recently-formed Linux CNA managed to take a detailed, unrestricted...

In this blog, we dive deep into how the automation employed by the recently-formed Linux CNA managed to take a detailed, unrestricted vulnerability report for their 5.10 LTS kernel, and produce an error-filled CVE unhelpful for downstream consumers: https://grsecurity.net/cve-2021-4440_linux_cna_case_study

A weakness 23 years in the making: binaries and libraries built with an older toolchain act as timebombs against ASLR under...

A weakness 23 years in the making: binaries and libraries built with an older toolchain act as timebombs against ASLR under "recent" Linux kernel and glibc changes.

Users: Check your exposure!
Developers: Rebuild binaries to achieve full ASLR benefit!

https://grsecurity.net/toolchain_necromancy_past_mistakes_haunting_aslr