SMAP SMEP - VirtualBox / KVM

Might be good to add https://github.com/linux-scraping/linux-grsecurity/commit/31e606aa9da683109cee72d45c9cda60992f01dc to https://www.whonix.org/wiki/KVM#Why_Use_KVM_Over_VirtualBox.3F

This will be reverted once the VirtualBox devs stop disabling
SMAP unnecessarily, which seems like it will happen never.
Anyone who cares about security of their host system shouldn’t
use VirtualBox, as it already precludes the use of KERNEXEC, UDEREF, and RANDKSTACK.


I may be wrong, but I thought SMAP is now enabled ( I believe Virtualbox addressed this in their 4.x releases and by 5.x.x it was fixed?)
I looked through many tickets and found #13961 which seemed to verify SMAP is default enabled and working now. (unless I have it all wrong)
I found both SMEP and SMAP in the Vbox logs enabled with a (1)

EDIT by Patrick:
add link

1 Like

Seems like you’re right.

1 Like
[Imprint] [Privacy Policy] [Cookie Policy] [Terms of Use] [E-Sign Consent] [DMCA] [Contributors] [Investors] [Priority Support] [Professional Support]