[$] Memory sealing for the GNU C Library
June 12, 2024 at 13:49
The mseal() system call allows a
process to prevent any future changes to portions of its address space
(thus "sealing" them); it was patterned after the mimmutable() system call in OpenBSD.
mseal() generated a lot of discussion, but it was finally merged
for the upcoming 6.10 kernel release. While mseal() was initially
aimed at securing the Chrome browser, the hope was that it would be useful
elsewhere; as a step toward realizing that hope, Adhemerval Zanella has
posted a
patch series adding support for — and use of — mseal() to the
GNU C library (glibc).