by amluto 3206 days ago
Is there an exploit that works on systems with stack canaries? If not, then sensible Linux devices (which may well be a small minority) are not so severely affected.

I'm more worried about higher value targets like cars and things like lightbulbs that never get updated. This could be an amazing wormable bug.

2 comments

From the white paper:

> Despite this, the Linux Kernel is lagging behind in implementing some modern mitigations in its default configuration. Both stack canaries - which protect against stack overflows, and KASLR (kernel address space layout randomization) are lacking in most devices running Linux today

It seems that they opted not to try to bypass stack canaries, probably because of the number of Android devices running old versions of Linux.

It seems inaccurate for them to categorize this as a problem with the kernel itself, however. The kernel itself isn't "lagging behind" if mobile/embedded devices won't update to newer versions containing newer mitigation techniques.

True. The real interesting part would have been how they bypassed ASLR, DEP and stack canaries.
I'd expect this to be a minimum requirement, especially if you're planning to make a logo and website for a Linux exploit...