grsecurity
@grsecurity.bsky.social
Foundational security for the Linux kernel. Solving the most difficult memory unsafety problems. Created by @opensrcsec
Quick reminder that our 6.8 short-term stable kernel goes EOL at the end of this month. Some stats: over the period of a year, it included over 1500 security/stability-relevant backports.
June 26, 2025 at 10:59 PM
Quick reminder that our 6.8 short-term stable kernel goes EOL at the end of this month. Some stats: over the period of a year, it included over 1500 security/stability-relevant backports.
Nice demo: tested a vulnerable Ubuntu 22.04 system for glibc CVE-2025-4802 using Solar Designer's PoC adapted to Ubuntu (replace any occurrence of "myhostname" with "mdns4_minimal"). Even an old #grsecurity 5.4.96 kernel from February 8 2021 prevented exploitation
May 23, 2025 at 12:52 PM
Nice demo: tested a vulnerable Ubuntu 22.04 system for glibc CVE-2025-4802 using Solar Designer's PoC adapted to Ubuntu (replace any occurrence of "myhostname" with "mdns4_minimal"). Even an old #grsecurity 5.4.96 kernel from February 8 2021 prevented exploitation
It's now available!
We expect our 6.13 #grsecurity beta to be available within the next two weeks.
February 24, 2025 at 7:42 PM
It's now available!
We expect our 6.13 #grsecurity beta to be available within the next two weeks.
February 19, 2025 at 8:44 PM
We expect our 6.13 #grsecurity beta to be available within the next two weeks.
Our 6.12 #grsecurity beta is now available to beta testers for testing
January 16, 2025 at 9:13 PM
Our 6.12 #grsecurity beta is now available to beta testers for testing
Slides for Pawel's H2HC presentation this month on the TLB are now available on grsecurity.net/papers
If you've never heard of "paging-structure caches" before, check it out!
If you've never heard of "paging-structure caches" before, check it out!
December 23, 2024 at 4:21 PM
Slides for Pawel's H2HC presentation this month on the TLB are now available on grsecurity.net/papers
If you've never heard of "paging-structure caches" before, check it out!
If you've never heard of "paging-structure caches" before, check it out!
We need to post a correction to yesterday's eBPF performance numbers:
Mathias Krause wasn't happy with just a 30x speedup and took a look at one final bottleneck that was bothering him.
The speedup over vanilla is now 747x 🤯 (5.27s vs 1h5m40s)
Mathias Krause wasn't happy with just a 30x speedup and took a look at one final bottleneck that was bothering him.
The speedup over vanilla is now 747x 🤯 (5.27s vs 1h5m40s)
November 5, 2024 at 7:00 PM
We need to post a correction to yesterday's eBPF performance numbers:
Mathias Krause wasn't happy with just a 30x speedup and took a look at one final bottleneck that was bothering him.
The speedup over vanilla is now 747x 🤯 (5.27s vs 1h5m40s)
Mathias Krause wasn't happy with just a 30x speedup and took a look at one final bottleneck that was bothering him.
The speedup over vanilla is now 747x 🤯 (5.27s vs 1h5m40s)
Performance isn't the enemy of security: we care about both. Today's patches finish off a set of security/performance improvements to eBPF. Below we show a ~30x speedup vs vanilla in running the eBPF selftests with every single #grsecurity option enabled!
November 4, 2024 at 8:46 PM
Performance isn't the enemy of security: we care about both. Today's patches finish off a set of security/performance improvements to eBPF. Below we show a ~30x speedup vs vanilla in running the eBPF selftests with every single #grsecurity option enabled!
Johannes Wikner has published a detailed walkthrough of the first cross-process Spectre exploit against a real target, an attack he developed in part during his internship with us last year.
Check it out here: grsecurity.net/cross_proces...
Check it out here: grsecurity.net/cross_proces...
October 19, 2024 at 10:09 AM
Johannes Wikner has published a detailed walkthrough of the first cross-process Spectre exploit against a real target, an attack he developed in part during his internship with us last year.
Check it out here: grsecurity.net/cross_proces...
Check it out here: grsecurity.net/cross_proces...
A new version of paxctld (1.2.6) is now available for download!
September 25, 2024 at 5:18 PM
A new version of paxctld (1.2.6) is now available for download!