Kernel base address offset randomization (KASLR)

KSPP / linux

Linux kernel source tree (Kernel Self Protection Project)

https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project

Other

84 stars 5 forks source link

Kernel base address offset randomization (KASLR) #3

Open kees opened 4 years ago

kees commented 4 years ago

Kernel image relocation is a prerequisite for being able to change the position of the kernel in memory at boot time. In order to make attacks less robust (or require a greater level of information exposure), being able to randomize the kernel image base address at boot time is desirable. This means attacks must discover target addresses dynamically.

Architectures implementing this use CONFIG_RANDOMIZE_BASE to enable the feature at build time.

kees commented 4 years ago

Power: https://lore.kernel.org/lkml/20191115093209.26434-1-yanaijie@huawei.com

kees commented 3 years ago

arm32 implementation: https://lore.kernel.org/kernel-hardening/20170814125411.22604-1-ard.biesheuvel@linaro.org/

mkrzywix commented 4 months ago

risc-v implementation: https://lore.kernel.org/lkml/20230215145113.465558-1-alexghiti@rivosinc.com/