Questions tagged [kernel]
The kernel tag has no summary.
144 questions
0 votes
0 answers
112 views
The security of different virtualization systems, specifically comparing Qubes hypervisor with separation kernels like INTEGRITY-178B and LynxSecure
I've often heard that Qubes is considered one of the most secure virtualization options because it uses a small Xen hypervisor, which is only about 150KB in size. However, even Qubes isn't immune to ...
1 vote
0 answers
162 views
Was Unprivileged User Namespaces exploited since it started to default to YES?
We had good discussions about it being safe or not five years ago, and it was defaulted to yes on the kernel way over 3 years ago (with a note calling anyone security conscious who disable it as ...
0 votes
0 answers
21 views
Verify Executables/Application before launching [duplicate]
The Linux kernel has a feature to verify Linux kernel modules before loading them. This verification assures that modifications made to the Linux kernel are authentic. Does the kernel have similar features to ...
7 votes
1 answer
2k views
Does CrowdStrike Falcon get validated by the Windows kernel as being crash-free?
With Linux, eBPF programs are validated as not causing crashes. Apparently that validation has had errors previously because of bugs in the Linux kernel. How is CrowdStrike Falcon implemented on ...
3 votes
1 answer
654 views
How does an eBPF program cause a kernel panic?
According to this RedHat knowledge base entry, CrowdSource has similarly caused a kernel panic on Linux as well with an eBPF program. My question is how is this possible? eBPF is described as, eBPF ...
1 vote
0 answers
47 views
Why is the "Scope Changed" CVSS Metric for Kernel Crash Vectors always "Unchanged"? [closed]
Looking at all the recent Linux kernel crash CVEs I see that the "Scope Changed" metric is always "Unchanged" indicating that "The vulnerable component is the affected ...
1 vote
0 answers
83 views
How relevant are OS security measures for everyday single-user personal computers? [closed]
For example, Meltdown and Spectre are serious security issues since they allow applications to read unauthorized memory. However, from my understanding, most everyday computer setups allow any untrusted ...
6 votes
4 answers
6k views
Will installing a kernel mode driver onto a PC compromise the entire network it's connected to?
At home, my personal PC and work computers all connect to the same network, via ethernet and WiFi. A video game on my personal PC is requiring an install of a "kernel mode driver." At the ...
1 vote
3 answers
352 views
Does emulation/software virtualization provide more isolation/security vs hardware virtualization?
From my understanding: I can emulate many different architectures and systems with qemu as a user(mode) process. There is separate user address space per process. If a malicious process were to ...
0 votes
2 answers
435 views
Kernel level attack?
In a Unix-like system, the concept of privileged and non-privileged users is used for security, preventing numerous attacks. When a non-privileged user executes malicious code at a normal level, the ...
1 vote
0 answers
243 views
How does IOMMU and/or Linux kernel handle DMA that span a page boundary?
I am looking into how DMA works at the device driver and kernel level in the Linux kernel. I observed that access control to DMA buffers from IO devices is performed by the IOMMU and IOMMU driver in ...
1 vote
0 answers
139 views
Is having no driver installed better than having old driver?
How safe are installed & genuine-vendor signed old drivers, specifically when attackers are spoofing Microsoft and other vendor certificates? On older PCs and laptops where some components are no ...
2 votes
1 answer
175 views
Linux BPFtrace - user switch from suid bit applications not detected
I want to monitor system calls with bpftrace (https://github.com/iovisor/bpftrace/). For most system calls, this works without problems, but I have problems monitoring applications where the suid bit ...
1 vote
1 answer
2k views
user namespaces: do they increase security, or introduce new attack surface?
User namespaces in Linux are presented as a security feature, which should increase security. But is this really true? Is it possible that while user namespaces fix one kind of problem, they introduce ...
0 votes
1 answer
108 views
Why does this method of modifying kernel memory work?
I have no experience of kernel programming or anything low level. I just watched this video and at 21:10 the presenter started to talk about modifying kernel memory using two pointers. From my ...