@grsecurity.bsky.social
Foundational security for the Linux kernel. Solving the most difficult memory unsafety problems. Created by @opensrcsec
Our 6.18 #grsecurity LTS release, to be supported through at least the end of 2028, is now available!
28.01.2026 00:20 โ ๐ 0 ๐ 0 ๐ฌ 0 ๐ 0Just sent out our year end wrap-up mail to customers. It's a bit bigger than usual, so grab yourself some Swiss Miss and enjoy!
If you didn't receive it, but should have, just reach out and we'll make sure you're on the list.
Happy holidays!
6.18 has been selected as the next #grsecurity stable kernel version, to be supported through the end of 2028, one year longer than the upstream LTS EOL date of Dec 2027.
04.12.2025 23:51 โ ๐ 0 ๐ 0 ๐ฌ 0 ๐ 0Quick reminder that our 6.8 short-term stable kernel goes EOL at the end of this month. Some stats: over the period of a year, it included over 1500 security/stability-relevant backports.
26.06.2025 22:59 โ ๐ 0 ๐ 0 ๐ฌ 0 ๐ 0
Nice demo: tested a vulnerable Ubuntu 22.04 system for glibc CVE-2025-4802 using Solar Designer's PoC adapted to Ubuntu (replace any occurrence of "myhostname" with "mdns4_minimal"). Even an old #grsecurity 5.4.96 kernel from February 8 2021 prevented exploitation
23.05.2025 12:52 โ ๐ 0 ๐ 0 ๐ฌ 0 ๐ 0It's now available!
24.02.2025 19:42 โ ๐ 0 ๐ 0 ๐ฌ 0 ๐ 0We expect our 6.13 #grsecurity beta to be available within the next two weeks.
19.02.2025 20:44 โ ๐ 0 ๐ 0 ๐ฌ 0 ๐ 1Our 6.12 #grsecurity beta is now available to beta testers for testing
16.01.2025 21:13 โ ๐ 0 ๐ 0 ๐ฌ 0 ๐ 0Slides for Pawel's H2HC presentation this month on the TLB are now available on grsecurity.net/papers
If you've never heard of "paging-structure caches" before, check it out!
We need to post a correction to yesterday's eBPF performance numbers:
Mathias Krause wasn't happy with just a 30x speedup and took a look at one final bottleneck that was bothering him.
The speedup over vanilla is now 747x ๐คฏ (5.27s vs 1h5m40s)
Testcase fixes were sent upstream by Mathias Krause here: lore.kernel.org/bpf/20241104...
04.11.2024 23:29 โ ๐ 0 ๐ 0 ๐ฌ 0 ๐ 0If you're curious, we also fixed the failing vanilla testcases, without which the speedup would have appeared even larger than 30x. Every grsecurity option really means every single one, including RAP, PRIVATE_KSTACKS, KERNEXEC, UDEREF, AUTOSLAB, KERNSEAL, etc.
04.11.2024 20:49 โ ๐ 0 ๐ 0 ๐ฌ 1 ๐ 0
Performance isn't the enemy of security: we care about both. Today's patches finish off a set of security/performance improvements to eBPF. Below we show a ~30x speedup vs vanilla in running the eBPF selftests with every single #grsecurity option enabled!
04.11.2024 20:46 โ ๐ 1 ๐ 0 ๐ฌ 1 ๐ 1Johannes Wikner has published a detailed walkthrough of the first cross-process Spectre exploit against a real target, an attack he developed in part during his internship with us last year.
Check it out here: grsecurity.net/cross_proces...
A new version of paxctld (1.2.6) is now available for download!
25.09.2024 17:18 โ ๐ 2 ๐ 1 ๐ฌ 0 ๐ 0
