From: Pavel Labushev <pavel.labushev@××××××.no>
To: gentoo-hardened@l.g.o
Subject: Re: [gentoo-hardened] virtualization
Date: Tue, 06 Aug 2013 04:58:42
Message-Id: 20130806045839.E16DBE0BF6@pigeon.gentoo.org
In Reply to: Re: [gentoo-hardened] virtualization by Alex Efros

On Tue, 6 Aug 2013 02:14:25 +0300
Alex Efros <powerman@××××××××.name> wrote:

> Good news!
> VirtualBox now works with hardened kernel if these options are disabled:
> [ ] Enforce non-executable kernel pages
> [ ] Randomize kernel stack base

I wouldn't call such news good. KERNEXEC, especially on x86_64, plays a
big role in protecting the kernel from both local and remote attacks.
KVM doesn't require such arguable compromises (no pun intended).