Notices by Kees Cook :tux: (kees@fosstodon.org), page 3

@jmorris In my experience, the signal to noise ratio is extremely good in Fedi. Twitter is dead, and bsky & threads are redundant/closed.

Today is the anniversary of the launch of the #Linux #Kernel Self-Protection Project (2015), and the invention of the Flux Capacitor (1955):
https://lore.kernel.org/kernel-hardening/CAGXu5jJ3FgxXK9WuOLRwnEq=y4dS+CTm+WQBxWe3sYZ7e9p6Gg@mail.gmail.com/

Here's how to enable the kernel Memory Tagging Extension (#MTE) on the Pixel 8:

adb shell setprop arm64.memtag.bootctl memtag,memtag-kernel

I'm so happy there's real-world hardware finally available to provide mitigations against linear buffer overflows and many types of use-after-free flaws.

More details here:
https://outflux.net/blog/archives/2023/10/26/enable-mte-on-pixel-8/

I really excited about making Use-After-Free exploits much harder in the #Linux #kernel.

CONFIG_RANDOM_KMALLOC_CACHES has landed:
https://git.kernel.org/linus/3c6152940584

CONFIG_SLAB_VIRTUAL is coming:
https://lore.kernel.org/lkml/20230915105933.495735-15-matteorizzo@google.com/

@Azeria I remain delighted that the Linux kernel eliminated VLAs back in 2018. :) I encourage everyone with a C codebase to build with -Wvla

@gregkh Who was the original target audience and what changed about their consumption patterns?

@gregkh Ah! Neat. What're the regulations? This is (likely good) news to me.

@lanodan Ah, I see. Thanks for the link! Yeah, many things are repeated, but there are some options there that I think are a bit "heavy". It's based on the KSPP recommendations which tries to include everything but some stuff may be very disruptive (dropping 32-bit compatibility, removing module loading, etc).

@lanodan in not sure what you're asking. What's Gentoo been doing?

The #Linux #kernel has been overdue for having a Kconfig fragment for #hardening options. I'm hoping this can land:
https://lore.kernel.org/lkml/20230825050618.never.197-kees@kernel.org

@jmorris Gives me a stroke.