SMAP SMEP - VirtualBox / KVM

madaidan · January 11, 2020, 9:34pm

Might be good to add grsec: Apply grsecurity-3.1-4.8.15-201612301949.patch · linux-scraping/linux-grsecurity@31e606a · GitHub to Whonix for KVM

This will be reverted once the VirtualBox devs stop disabling
SMAP unnecessarily, which seems like it will happen never.
Anyone who cares about security of their host system shouldn’t
use VirtualBox, as it already precludes the use of KERNEXEC, UDEREF, and RANDKSTACK.

anontor · January 22, 2020, 1:02am

I may be wrong, but I thought SMAP is now enabled ( I believe Virtualbox addressed this in their 4.x releases and by 5.x.x it was fixed?)
I looked through many tickets and found #13961 which seemed to verify SMAP is default enabled and working now. (unless I have it all wrong)
I found both SMEP and SMAP in the Vbox logs enabled with a (1)

EDIT by Patrick:
add link

madaidan · January 22, 2020, 4:58pm

Seems like you’re right.