A deep dive into Linux’s new mseal syscall

Alan Cao discusses the introduction of a new system call named ‘mseal’ in the Linux kernel 6.10 release, which provides a protection called “memory sealing” to prevent illicit modifications of memory regions during program runtime. The post explains the differences between this mitigation and other memory protection schemes, its implementation in the kernel, and how it protects against malicious actions such as tampering with permissions and memory unmapping attacks. The author highlights the involvement of Chrome’s security team in introducing mseal to support their V8 CFI strategy and the future integration of mseal into glibc. The post delves into the technical details of the mseal syscall implementation and the exploit scenarios it helps mitigate, emphasizing its significance in hardening systems against remote attackers.

https://blog.trailofbits.com/2024/10/25/a-deep-dive-into-linuxs-new-mseal-syscall/
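The two protections named in the summary above (permission tampering and unmapping) can be observed from user space. This is an added example, not code from the linked post or from the kernel; `check_mseal` and its result codes are names invented here, and the fallback syscall number 462 assumes the generic syscall table (x86-64, arm64). Kernels older than 6.10, or sandboxes that filter the call, are reported as unavailable.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef __NR_mseal
#define __NR_mseal 462 /* assumption: generic syscall table, Linux 6.10+ */
#endif

/* Result codes are names chosen for this example. */
enum seal_result { SEAL_NOT_ENFORCED = -1, SEAL_UNAVAILABLE = 0, SEAL_ENFORCED = 1 };

/* Seal one read-only page, then check that later changes are refused. */
static enum seal_result check_mseal(void)
{
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    unsigned char *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                            MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return SEAL_UNAVAILABLE;
    p[0] = 0x41;                              /* constructed sample content */
    if (mprotect(p, len, PROT_READ) != 0 ||   /* final permissions first ... */
        syscall(__NR_mseal, p, len, 0UL) != 0) { /* ... then seal (flags = 0) */
        munmap(p, len);                       /* not sealed, so this still works */
        return SEAL_UNAVAILABLE;
    }
    /* Permission tampering: a sealed mapping must refuse mprotect with EPERM. */
    errno = 0;
    if (!(mprotect(p, len, PROT_READ | PROT_WRITE) == -1 && errno == EPERM))
        return SEAL_NOT_ENFORCED;
    /* Unmapping: munmap must also be refused, leaving the page in place. */
    errno = 0;
    if (!(munmap(p, len) == -1 && errno == EPERM))
        return SEAL_NOT_ENFORCED;
    /* The page stays mapped, read-only and intact until the process exits. */
    return p[0] == 0x41 ? SEAL_ENFORCED : SEAL_NOT_ENFORCED;
}

int main(void)
{
    enum seal_result r = check_mseal();
    printf("mseal: %s\n", r == SEAL_ENFORCED ? "enforced"
                        : r == SEAL_UNAVAILABLE ? "unavailable" : "NOT enforced");
    return r == SEAL_NOT_ENFORCED;
}
```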
