Minimal supplement to upstream Kernel Self Protection Project changes. Features already provided by SELinux + Yama and archs other than multiarch arm64 / x86_64 aren't in scope. Only tags have stable history. Shared IRC channel with KSPP: irc.freenode.net ##linux-hardened. Currently maintained at https://github.com/anthraxx/linux-hardened.
Ideally this would use a keyed hash, but SipHash is likely too slow. The random ^ canary_address technique doesn't even make each one unique on little endian architectures due to the leading zero.
Ideally this would use a keyed hash, but SipHash is likely too slow. The
random ^ canary_addresstechnique doesn't even make each one unique on little endian architectures due to the leading zero.