Mission impossible: Hardening the x86 based core infrastructures

GBE (no big deal?), CPU microcode (do we really believe the vendor doesn't leave a backdoor there? OK, it's unlikely to happen because the "magic" constant shit is not hard to find, but... the possibility is still there?), VGA BIOS (the 1st rule of OptionROM is: do not talk about it -_-), MRC (lack of effort to do the reversing?), [Intel ME](https://github.com/hardenedlinux/firmware-anatomy/blob/master/hack_ME/me_info.md) (red alert...).

Linux kernel mitigation checklist

We should treat security as a whole, just as the combination of PaX/Grsecurity features and code hardening builds up a defense-in-depth solution for the Linux kernel, a core piece of infrastructure we rely on heavily. PaX/Grsecurity is a set of security-hardening patches that takes Linux kernel security to another level. It would be of great value for the whole FLOSS community to benefit from it. KSPP (Kernel Self Protection Project) was started in Nov 2015 after a disclosure about Linux kernel security.


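Attacks triggered by stack overflows are very common and also very old. A mitigation technique called the canary appeared in gcc/glibc very early on, and to this day it remains in place as the system's first line of defense.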
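
The canary check mentioned above, modelled in C as an added example (not code from this page, gcc or glibc). The `struct frame` layout, `overflow_result`, `GUARD` and `RET` are constructed for illustration; code built with `-fstack-protector` places a random guard and calls `__stack_chk_fail()` when the comparison fails.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model of one protected stack frame: the local buffer sits below the
 * canary, and the canary sits below the saved return address. */
struct frame {
    char      buf[16];
    uintptr_t canary;
    uintptr_t saved_ret;
};

/* Constructed guard value; the real one is chosen at random when the
 * process starts. */
static const uintptr_t GUARD = (uintptr_t)0x9e3779b97f4a7c00ULL;
static const uintptr_t RET   = (uintptr_t)0x401000; /* constructed */

/* Copy len bytes of 'A' into the frame with no bounds check (the bug),
 * then run the epilogue comparison the compiler would emit.
 * Result bits: 1 = canary changed, 2 = saved return address changed. */
int overflow_result(size_t len)
{
    char input[sizeof(struct frame)];
    struct frame f;

    memset(input, 'A', sizeof input);
    memset(&f, 0, sizeof f);
    f.canary = GUARD;        /* prologue: place the canary */
    f.saved_ret = RET;

    if (len > sizeof f)      /* keep the model inside the struct */
        len = sizeof f;
    memcpy((char *)&f, input, len);   /* linear write starting at buf */

    return (f.canary != GUARD ? 1 : 0) | (f.saved_ret != RET ? 2 : 0);
}

int main(void)
{
    /* A linear overflow cannot reach saved_ret without first changing
     * the canary, so the result is never 2 on its own. */
    for (size_t len = 0; len <= sizeof(struct frame); len += 4)
        printf("len=%2zu -> %d\n", len, overflow_result(len));
    return 0;
}
```

The check covers only writes that run contiguously from the buffer through the canary, which is why it is a first line of defense and not the only one.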