
memfd_secret() in 5.14

memfd_secret() in 5.14

Posted Aug 7, 2021 15:54 UTC (Sat) by khim (subscriber, #9252)
In reply to: memfd_secret() in 5.14 by jhoblitt
Parent article: memfd_secret() in 5.14

> Is it theoretically possible to protect process pages against a compromised kernel without hardware support?

You certainly can do that on a system with a hypervisor (although would need some cooperation with said hypervisor).


memfd_secret() in 5.14

Posted Aug 9, 2021 16:06 UTC (Mon) by jhoblitt (subscriber, #77733)

In the case of a guest kernel, it isn't surprising if the host kernel provided protection features, but I think it is likely theoretically impossible to protect processes within a guest against the compromise of the host kernel without special hardware support that protects the guest kernel memory itself against the host kernel.

memfd_secret() in 5.14

Posted Aug 9, 2021 20:57 UTC (Mon) by khim (subscriber, #9252)

That special hardware, though, may be yet another hypervisor. I'm not sure how feasible that would be, but the idea sounds interesting: essentially a microkernel which basically does MMU and IOMMU — and that's it.


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds