Memory sealing for the GNU C Library


The mseal() system call allows a process to prevent any future changes to portions of its address space (thus "sealing" them); it was patterned after the mimmutable() system call in OpenBSD. mseal() generated a lot of discussion, but it was finally merged for the upcoming 6.10 kernel release.

Zanella's patch set takes advantage of that information to optionally seal various parts of the address space, including: While most programs should run just fine (and more securely) with this sealing in place, there will surely be exceptions that are playing complicated tricks with their address space. But its essential form seems unlikely to change significantly, so chances are good that systems using glibc will eventually have better address-space protection by default.
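The sealing behaviour described above can be checked directly against the kernel. The following C program is an added example, not code from the article or from the glibc patch set: it seals one page through the raw system call and confirms that later attempts to change the mapping are refused. The names `check_seal` and `enum seal_result` are illustrative, and the fallback syscall number 462 is only used when the installed headers predate `mseal()`; on kernels older than 6.10 the function reports that sealing is unavailable.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef SYS_mseal
#define SYS_mseal 462 /* syscall number on x86-64 and asm-generic; older headers lack it */
#endif

enum seal_result { SEAL_UNAVAILABLE = -1, SEAL_ENFORCED = 0, SEAL_BYPASSED = 1 };

/* Map one anonymous page, seal it, then attempt the changes sealing must refuse. */
static enum seal_result check_seal(void)
{
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    char *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return SEAL_UNAVAILABLE;

    /* mseal(addr, len, flags): flags must be 0. Fails on pre-6.10 kernels,
       32-bit builds, or when a sandbox filters the call. */
    if (syscall(SYS_mseal, p, len, 0UL) != 0) {
        munmap(p, len);
        return SEAL_UNAVAILABLE;
    }

    /* Each of these would change the sealed mapping; the kernel answers EPERM. */
    errno = 0;
    if (mprotect(p, len, PROT_READ | PROT_EXEC) == 0 || errno != EPERM)
        return SEAL_BYPASSED;
    errno = 0;
    if (munmap(p, len) == 0 || errno != EPERM)
        return SEAL_BYPASSED;
    errno = 0;
    if (mmap(p, len, PROT_READ, MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, -1, 0)
            != MAP_FAILED || errno != EPERM)
        return SEAL_BYPASSED;

    p[0] = 'x'; /* still writable: sealing pins the mapping, not its contents */
    return SEAL_ENFORCED;
}

int main(void)
{
    static const char *msg[] = { "mseal unavailable", "seal enforced", "seal bypassed" };
    puts(msg[check_seal() + 1]);
    return 0;
}
```

The sealed page cannot be unmapped afterwards, so it stays in the address space until the process exits.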
