While I'm no longer an Oracle employee, there are still a few projects that landed in Solaris 11.4 that I'd like to talk about. The one that has occupied most of my last few years is definitely Ksplice on Solaris. Back in 2011, Oracle bought Ksplice, a company that provided runtime patching to the Linux kernel. Ksplice on Linux, today, is many things:| Barely grasping the small picture
As of today, I'm no longer an Oracle employee and no longer work on the Solaris (or, briefly, Linux) kernel. I'm not very good with goodbyes, even my 'out of here' mail had just one line about the past 9 years: "Was Fun".| Barely grasping the small picture
Oracle Solaris 11.4 comes with ADIHEAP , a new security extension that acts as a management interface for allocators that implement ADI based defenses. In this blog entry we'll walk through the implementation of ADIHEAP within libc:malloc in Solaris.| Barely grasping the small picture
A couple entries ago, I've covered how we planned to use ADI to protect against heap attacks. If you've been following the stream of patches for the Solaris userland gate, you may have noticed this commit a few months ago. This commit added the necessary macros to the userland gate to enable ADIHEAP and ADISTACK, two new security defenses that will show up in the upcoming release of 11.4.| Barely grasping the small picture
Security defenses usually come with a cost. Such cost can be in terms of performance (added instrumentation, extra memory usage, different memory layout, etc.) and/or compatibility (the defense constrains some border line behavior the application relies on and the application breaks). If either of these costs is not marginal, the system level defense cannot be enabled at large. In particular, we try really hard to never break user systems and we know that many of those run legacy applications.| Barely grasping the small picture
This post stems from a "conversation" (for lack of better term) on twitter with Joanna Rutkowska about BadUSB and Qubes. One of her points w...| lazytyped.blogspot.com
One of the most common questions when discussing SPARC M7 SSM/ADI ( Silicon Secured Memory/Application Data Integrity , from here on only ...| lazytyped.blogspot.com
Memory allocators handle a crucial role in any modern application/operating system: satisfy arbitrary-sized dynamic memory requests. Errors ...| lazytyped.blogspot.com
After a number of entries on different uses of ADI, it's time to get our hands dirty and walk through the C API that allows to experiment wi...| lazytyped.blogspot.com