Contributed by rueda from the Charlemagne dept.
In a message to the tech@ mailing list, Theo de Raadt (deraadt@) has announced a new randomization feature for kernel protection:
Over the last three weeks I've been working on a new randomization feature which will protect the kernel. [...] Recently I moved all our kernels to a new mapping model, with patrick and visa taking care of two platforms. [...] As a result, every new kernel is unique. The relative offsets between functions and data are unique. [...] However, snapshots of -current contain a further change, which I worked on with Robert Peichaer (rpe@): That change is scaffolding to ensure you boot a newly-linked kernel upon every reboot. [...]
Read the full message for the juicy details.
Note that, because of the new mechanisms, unhibernate does not work on -current (for now).