Introduced last year in the Linux 6.10 kernel was the mseal system call for memory sealing to protect the memory mapping against modifications to seal non-writable memory segments or better protecting sensitive data structures. The GNU C Library has finally introduced its mseal function making use of this modern Linux kernel functionality.
Glibc has now added the mseal function on Linux x86_64 and AArch64 environments. Using this Glibc function with Linux 6.10+ can be used for sealing memory mappings to prevent further changes during process execution. This protects against changes to permissions, unmappings, relocation to a…
Introduced last year in the Linux 6.10 kernel was the mseal system call for memory sealing to protect the memory mapping against modifications to seal non-writable memory segments or better protecting sensitive data structures. The GNU C Library has finally introduced its mseal function making use of this modern Linux kernel functionality.
Glibc has now added the mseal function on Linux x86_64 and AArch64 environments. Using this Glibc function with Linux 6.10+ can be used for sealing memory mappings to prevent further changes during process execution. This protects against changes to permissions, unmappings, relocation to another location, or shrinking the size.
The Glibc mseal function was introduced in this commit.
This is merged as one of the features for what should become Glibc 2.43 in early February.