A deep dive into Linux’s new mseal syscall
If you love exploit mitigations, you may have heard of a new system call namedmseallanding into the Linux kernel's 6.10 release, providing a protection called memory sealing." Beyond notes from the authors, very little information about this mitigation exists. In this blog post, we'll explain what this syscall is, including how it's different from prior memory protection schemes and how it works in the kernel to protect virtual memory. We'll also describe the particular exploit scenarios thatmsealhelps stop in Linux userspace, such as stopping malicious permissions tampering and preventing memory unmapping attacks.
Alan Cao
The goal of mseal is to, well, literally seal a part of memory and protect its contents from being tampered with. It makes regions of memory immutable so that while a program is running, its memory contents cannot be modified by malicious actors. This article goes into great detail about this new feature, explains how it works, and what it means for security in the Linux kernel.
Excellent light reading for the weekend.