grsecurity's Avatar

grsecurity

@grsecurity.bsky.social

Foundational security for the Linux kernel. Solving the most difficult memory unsafety problems. Created by @opensrcsec

188 Followers  |  2 Following  |  13 Posts  |  Joined: 25.09.2024  |  1.6522

Latest posts by grsecurity.bsky.social on Bluesky

Quick reminder that our 6.8 short-term stable kernel goes EOL at the end of this month. Some stats: over the period of a year, it included over 1500 security/stability-relevant backports.

26.06.2025 22:59 โ€” ๐Ÿ‘ 0    ๐Ÿ” 0    ๐Ÿ’ฌ 0    ๐Ÿ“Œ 0
Post image

Nice demo: tested a vulnerable Ubuntu 22.04 system for glibc CVE-2025-4802 using Solar Designer's PoC adapted to Ubuntu (replace any occurrence of "myhostname" with "mdns4_minimal"). Even an old #grsecurity 5.4.96 kernel from February 8 2021 prevented exploitation

23.05.2025 12:52 โ€” ๐Ÿ‘ 0    ๐Ÿ” 0    ๐Ÿ’ฌ 0    ๐Ÿ“Œ 0

It's now available!

24.02.2025 19:42 โ€” ๐Ÿ‘ 0    ๐Ÿ” 0    ๐Ÿ’ฌ 0    ๐Ÿ“Œ 0

We expect our 6.13 #grsecurity beta to be available within the next two weeks.

19.02.2025 20:44 โ€” ๐Ÿ‘ 0    ๐Ÿ” 0    ๐Ÿ’ฌ 0    ๐Ÿ“Œ 1
Preview
AMD: Microcode Signature Verification Vulnerability ### Summary Google Security Team has identified a security vulnerability in some AMD Zen-based CPUs. This vulnerability allows an adversary with local administrator privileges (ring 0 from outside...

github.com/google/secur...

03.02.2025 18:46 โ€” ๐Ÿ‘ 0    ๐Ÿ” 1    ๐Ÿ’ฌ 0    ๐Ÿ“Œ 0

Our 6.12 #grsecurity beta is now available to beta testers for testing

16.01.2025 21:13 โ€” ๐Ÿ‘ 0    ๐Ÿ” 0    ๐Ÿ’ฌ 0    ๐Ÿ“Œ 0

Slides for Pawel's H2HC presentation this month on the TLB are now available on grsecurity.net/papers
If you've never heard of "paging-structure caches" before, check it out!

23.12.2024 16:21 โ€” ๐Ÿ‘ 0    ๐Ÿ” 0    ๐Ÿ’ฌ 0    ๐Ÿ“Œ 0

We need to post a correction to yesterday's eBPF performance numbers:
Mathias Krause wasn't happy with just a 30x speedup and took a look at one final bottleneck that was bothering him.
The speedup over vanilla is now 747x ๐Ÿคฏ (5.27s vs 1h5m40s)

05.11.2024 19:00 โ€” ๐Ÿ‘ 1    ๐Ÿ” 0    ๐Ÿ’ฌ 0    ๐Ÿ“Œ 0
[PATCH bpf-next 0/3] test_bpf.ko blinding fixes - Mathias Krause

Testcase fixes were sent upstream by Mathias Krause here: lore.kernel.org/bpf/20241104...

04.11.2024 23:29 โ€” ๐Ÿ‘ 0    ๐Ÿ” 0    ๐Ÿ’ฌ 0    ๐Ÿ“Œ 0

If you're curious, we also fixed the failing vanilla testcases, without which the speedup would have appeared even larger than 30x. Every grsecurity option really means every single one, including RAP, PRIVATE_KSTACKS, KERNEXEC, UDEREF, AUTOSLAB, KERNSEAL, etc.

04.11.2024 20:49 โ€” ๐Ÿ‘ 0    ๐Ÿ” 0    ๐Ÿ’ฌ 1    ๐Ÿ“Œ 0
Post image Post image

Performance isn't the enemy of security: we care about both. Today's patches finish off a set of security/performance improvements to eBPF. Below we show a ~30x speedup vs vanilla in running the eBPF selftests with every single #grsecurity option enabled!

04.11.2024 20:46 โ€” ๐Ÿ‘ 1    ๐Ÿ” 0    ๐Ÿ’ฌ 1    ๐Ÿ“Œ 1

Johannes Wikner has published a detailed walkthrough of the first cross-process Spectre exploit against a real target, an attack he developed in part during his internship with us last year.
Check it out here: grsecurity.net/cross_proces...

19.10.2024 10:09 โ€” ๐Ÿ‘ 0    ๐Ÿ” 2    ๐Ÿ’ฌ 0    ๐Ÿ“Œ 0

A new version of paxctld (1.2.6) is now available for download!

25.09.2024 17:18 โ€” ๐Ÿ‘ 2    ๐Ÿ” 1    ๐Ÿ’ฌ 0    ๐Ÿ“Œ 0

@grsecurity is following 2 prominent accounts