State of Linux Desktop Security

Category: IT Technology · Published: 5 years ago

I made a tweet claiming that Linux is behind on security mitigations. This post is to outline mitigations added to platforms such as Windows, macOS, and even ChromeOS that have yet to see the light of day on the Linux desktop.

(Btw, Andrew Kelley is my hero!)

Linux distros are behind on implementing modern binary exploit mitigations. The last thing Linux userspace has done is ASLR/PIE and stack canaries: this hasn't changed for years. Windows and macOS enforce signature checking on all binaries. glibc's allocator is primitive compared to LLVM's Scudo allocator, which mitigates use-after-frees and heap overflows.

Windows signs heap pages to ensure they're immutable, in addition to hardware-enforced control flow protection. Modern iOS does this too. Windows also implemented something exciting called a shadow stack, which stores return addresses in a secret, separate stack from local variables. This is both faster and more secure than stack cookies.

Linux distros have no concept of sandboxing, or any meaningful application security model. Any app running under Xorg can see the contents of any other app running under Xorg. Flatpak and snap are both security nightmares, fundamentally flawed and poorly implemented. The only good sandboxing API provided by the Linux kernel is seccomp-bpf, and the only program that uses it is Google Chrome/Chromium. To compare, ChromeOS requires every service to have its own seccomp filter.
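
How many processes on a given Linux system actually run under a seccomp filter can be read from the `Seccomp:` field of `/proc/<pid>/status`. The audit script below is an added example, not part of the original post; the sample status text in it is constructed, and it is used only when no live `/proc` entries can be read.

```python
#!/usr/bin/env python3
"""Audit which processes run under a seccomp filter (Linux /proc)."""
import glob
from collections import Counter

# Values of the "Seccomp:" field in /proc/<pid>/status (see proc(5)).
SECCOMP_MODES = {"0": "disabled", "1": "strict", "2": "filter"}

def parse_status(text):
    """Return name, seccomp mode and no_new_privs flag from one status file."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return {
        "name": fields.get("Name", "?"),
        # Kernels built without seccomp support omit the field entirely.
        "seccomp": SECCOMP_MODES.get(fields.get("Seccomp"), "unknown"),
        "no_new_privs": fields.get("NoNewPrivs") == "1",
    }

def audit(status_texts):
    """Count processes per seccomp mode and list names with no filter at all."""
    procs = [parse_status(t) for t in status_texts]
    counts = Counter(p["seccomp"] for p in procs)
    unfiltered = sorted({p["name"] for p in procs if p["seccomp"] == "disabled"})
    return counts, unfiltered

def read_live_status():
    """Yield the status text of every process we are allowed to read."""
    for path in glob.glob("/proc/[0-9]*/status"):
        try:
            with open(path) as fh:
                yield fh.read()
        except OSError:  # process exited or access was denied
            continue

# Constructed sample input (not captured from a real system).
SAMPLE = [
    "Name:\tchrome\nPid:\t4101\nNoNewPrivs:\t1\nSeccomp:\t2\n",
    "Name:\tsshd\nPid:\t812\nNoNewPrivs:\t0\nSeccomp:\t0\n",
    "Name:\tcupsd\nPid:\t901\nNoNewPrivs:\t0\nSeccomp:\t0\n",
]

if __name__ == "__main__":
    counts, unfiltered = audit(list(read_live_status()) or SAMPLE)
    print(dict(counts))
    print("no seccomp filter:", ", ".join(unfiltered))
```

Kernel threads also report `Seccomp: 0`, so on a live system the unfiltered list includes them alongside userspace services.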

Also a friendly reminder that Debian is always behind on CVEs, and I'm sure that most distros don't fare any better.

