Zack's Kernel News

Article from Issue 282/2024

Chronicler Zack Brown reports on the latest news, views, dilemmas, and developments within the Linux kernel community.

Improving Web Browser Security

Jeff Xu submitted a security patch on behalf of the Chrome browser project. In general, browsers are among the most security-intensive software projects out there. Browsing the web involves directly running a whole lot of code from all over the Internet locally on your computer. Bad actors abound. Protecting users is one of the essential features of any web browser.

In this case, Jeff proposed a new mseal() system call, which would allow Chrome to "seal" regions of memory against modification. Jeff's patch also included some changes to the generic mmap() system call to add the PROT_SEAL and MAP_SEALABLE bits to the mmap() flags. These on/off bits would tell whether a region had been sealed or was available to be sealed.

As Jeff explained it, "Memory sealing is useful to mitigate memory corruption issues where a corrupted pointer is passed to a memory management system. For example, such an attacker primitive can break control-flow integrity guarantees since read-only memory that is supposed to be trusted can become writable or .text pages can get remapped. Memory sealing can automatically be applied by the runtime loader to seal .text and rodata [read-only data] pages and applications can additionally seal security critical data at runtime."
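To make the sealing behavior Jeff describes concrete, here is an added example (not code from the article or from Jeff's patch) that seals a read-only page and then checks that later mprotect() and munmap() calls on it are refused. It assumes the three-argument mseal(addr, len, flags) form and syscall number 462 of kernels that ship the call, neither of which appears on this page, and it does not use the proposed PROT_SEAL or MAP_SEALABLE bits.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef SYS_mseal
#define SYS_mseal 462 /* assumption: number used by kernels that ship mseal() */
#endif

/* Returns 0 if sealing is enforced, 1 if mseal() is unavailable here,
 * -1 if setup failed or a sealed mapping could still be modified. */
int seal_demo(void)
{
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    char *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return -1;

    /* Fill the page, then drop write access, as a loader does for rodata. */
    strcpy(p, "security-critical table"); /* constructed sample data */
    if (mprotect(p, len, PROT_READ) != 0)
        return -1;

    if (syscall(SYS_mseal, p, len, 0UL) != 0) {
        printf("mseal unavailable: %s\n", strerror(errno));
        munmap(p, len);
        return 1;
    }

    /* A corrupted pointer reaching mprotect() or munmap() must now fail. */
    errno = 0;
    int rw = mprotect(p, len, PROT_READ | PROT_WRITE);
    int rw_errno = errno;
    errno = 0;
    int un = munmap(p, len);
    int un_errno = errno;

    printf("mprotect -> %d (%s), munmap -> %d (%s)\n",
           rw, strerror(rw_errno), un, strerror(un_errno));
    return (rw == -1 && rw_errno == EPERM &&
            un == -1 && un_errno == EPERM) ? 0 : -1;
}

int main(void) { return seal_demo() < 0; }
```

On a kernel without mseal() the function reports that and returns 1. A sealed mapping stays in place until the process exits, since munmap() on it is refused.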

