Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
NooneAtAll3 6 hours ago

fascinating how GrapheneOS achieves high security level on the same hardware where Google failed to even randomize android's kernel location

jnwatson 5 hours ago | parent | next [-]

Randomizing the kernel location is of marginal utility at best. There are so many info leaks that KASLR ends up being only a small speed bump on the way to exploitation.

Here's a cool project that inventories all your KASLR info leaks: https://github.com/bcoles/kasld

aftbit 4 hours ago | parent | prev | next [-]

Is Graphene vulnerable to these exploits?

StilesCrisis 5 hours ago | parent | prev | next [-]

It's easy to be secure if you just remove features. There's obvious tension here.

Aachen 4 hours ago | parent [-]

Could you be any more specific about what features they've removed such that the hardening functions work? Because I think there are none

StilesCrisis 3 hours ago | parent [-]

They're quite open about it. https://grapheneos.org/features#attack-surface-reduction

icf80 6 hours ago | parent | prev | next [-]

google has lost its focus with pixel phones

Aachen 4 hours ago | parent [-]

on selling ads or what do you mean their focus used to be that they've lost? I'm not at all negative about more paid features that they've been offering over time, from workspace to youtube to hardware. Still very conflicted about giving Google of all places my custom, but for e.g. phones it's hard to avoid and second-hand the prices are really quite competitive for a tangible hardware product (not a software subscription that you're stuck on). Not bad to shift focus to making these Pixel devices imo, so long as they remain open that is

jeffbee 5 hours ago | parent | prev [-]

KASLR isn't an effective mitigation against anything, and to me this is part of GrapheneOS's catalog of superficial but meaningless claims.

ysnp 4 hours ago | parent [-]

I've not seen someone refer to a portion of GrapheneOS's mitigations as superficial and meaningless before. What might an OS with significant improvements to usable attack surface reduction and exploit mitigations look like to you? What sort of things (given a team of less than a dozen contending with OS updates, upgrades and device support) would you have liked to see implemented?