Archives
Archives
| From: | Pavel Labushev <pavel.labushev@××××××.no> | ||
|---|---|---|---|
| To: | gentoo-hardened@l.g.o | ||
| Subject: | Re: [gentoo-hardened] virtualization | ||
| Date: | Tue, 06 Aug 2013 04:58:42 | ||
| Message-Id: | 20130806045839.E16DBE0BF6@pigeon.gentoo.org | ||
| In Reply to: | Re: [gentoo-hardened] virtualization by Alex Efros |
||
| 1 | On Tue, 6 Aug 2013 02:14:25 +0300 |
| 2 | Alex Efros <powerman@××××××××.name> wrote: |
| 3 | |
| 4 | > Good news! |
| 5 | > VirtualBox now works with hardened kernel if these options are disabled: |
| 6 | > [ ] Enforce non-executable kernel pages |
| 7 | > [ ] Randomize kernel stack base |
| 8 | |
| 9 | I wouldn't call such news good. KERNEXEC, especially on x86_64, plays a |
| 10 | big role in protecting the kernel from both local and remote attacks. |
| 11 | KVM doesn't require such arguable compromises (no pun intended). |