linux: make use of mseal(2)

GrapheneOS / hardened_malloc

Hardened allocator designed for modern systems. It has integration into Android's Bionic libc and can be used externally with musl and glibc as a dynamic library for use on other Linux-based platforms. It will gain more portability / integration over time.

https://grapheneos.org/

MIT License

1.3k stars 97 forks source link

linux: make use of mseal(2) #242

Open cgzones opened 4 months ago

cgzones commented 4 months ago

Instead of protecting the global read-only data structure after startup via the read-only flag, which can be reverted, use the in Linux 6.10 introduced irreversible syscall mseal(2).

SkewedZeppelin commented 3 months ago

I've been running this for about a week now without issue.

thestinger commented 1 month ago

Will get to this eventually, it's just very low priority due to low impact.