Language Selection

English French German Italian Portuguese Spanish

Control Flow Integrity in the Android kernel

Filed under
Android

Android's security model is enforced by the Linux kernel, which makes it a tempting target for attackers. We have put a lot of effort into hardening the kernel in previous Android releases and in Android 9, we continued this work by focusing on compiler-based security mitigations against code reuse attacks.

Google's Pixel 3 will be the first Android device to ship with LLVM's forward-edge Control Flow Integrity (CFI) enforcement in the kernel, and we have made CFI support available in Android kernel versions 4.9 and 4.14. This post describes how kernel CFI works and provides solutions to the most common issues developers might run into when enabling the feature.

Read more

More in Tux Machines

ps_mem Shows Per-Program Memory Usage On Linux

Unlike many other tools that report memory usage per process, ps_mem reports the RAM usage of programs. For example it shows how much RAM is used by all Chromium processes combined. The program developer notes that the ps_mem name is used for backwards compatibility, but a more accurate name would be coremem. The displayed RAM is calculated by adding the sum of private RAM and the sum of shared RAM for a program processes. Running ps_mem with no arguments shows a list programs and their RAM usage in ascendant order (from the lowest RAM usage to the highest). For each program it shows the private, shared, and total used RAM, as well as the number of processes. Swap information for each program can be shown as well, by using the -S option (sudo ps_mem -S). Read more

Today in Techrights

Strawberry Released for Sparky Linux, feren OS 2019.04 in Review

OSS Leftovers

  • The State of Neural Machine Translation for Asian Languages
    Open source for Asian language NLP is getting more and more active, but it would be useful to have more projects that are both frequently updated and popular. Sometimes, code licensing plays a negative role, because many old projects are GPL (General Public License). Jieba, Rakuten MA, KoNLPy are some frequently-used libraries for CJK (Chinese-Japanese-Korean) NLP. (Lucy Park is a KoNLPy developer.)
  • Will your organization change itself to death?
    Organizations, open or otherwise, cannot spend every moment changing themselves. For one thing, doing so would mean abandoning whatever mission they purport to have. As the saying goes, "if you don't stand for something, you'll fall for anything." That adage, while most common in the context of political beliefs, is applicable here too.
  • Open source may be the future, but very few are writing it

    Open source may dominate the software we use to power the cloud, AI, and more, but a small percentage of developers do most of the coding. While it has long been true that for any given open source project, the vast majority of core contributions come from a cabal of committed developers, it seemed like the popularity of using open source would bleed into writing open source. Nope.

  • viewport and iphone reflow

    Something that’s annoyed me for some years is that all the web sites I build don’t work quite right with my iphone. Scroll down a page, visit a link, go back, and safari jumps back to the top of the page. Very annoying. Pretty much no other site I visit seems to have this problem, yet I couldn’t figure out what I was doing wrong since I’m barely doing anything at all. There are some support forum complaints about similar bugs, but mostly from several years ago, and mostly “solved: it works now” without explanation.

    Finally, figured out what seems to be the problem. The iphone introduces its own viewport meta tag, to define the screen dimensions, and control whether the user can zoom or not. A lot of sites abuse this to the point of unusability, so I very determinedly stayed clear. But without a viewport tag, safari is really dumb.

  • Categorizing OpenBSD Bugs

    I thought it would be interesting to see if something similar were true of OpenBSD bugs. I went through two years of OpenBSD errata for the most recent four releases (6.1, 6.2, 6.3 and 6.4) and categorized each bug.

  • Bug in French government’s WhatsApp replacement let anyone join Élysée chats

    Tchap is not intended to be a classified communications system—it runs on regular Android phones and uses the public Internet. But as the DINSIC, the French inter-ministry directorate for information systems that runs Tchap put it, Tchap "is an instant messenger allowing government employees to exchange real-time information on everyday professional issues, ensuring that the conversations remain hosted on the national territory." In other words, it's to keep official government business off of Facebook's and Telegram's servers outside France.

    Based on the Riot.im chat application from the open source project Matrix, Tchap is officially still in "beta," according to DINSIC. And that beta test is getting off to a rough start. Within two days, French security researcher Baptiste Robert—who goes by the Twitter handle @fs0c131y (aka Elliot Alderson)—had tapped into Tchap and subsequently viewed all of the internal "public" discussion channels hosted by the service.

  • Reset Email Account Passwords After a Website Malware Infection