> I reported these two separate issues, lack of linear map randomization, and kernel lands at static physical address in Pixel, to the Linux kernel team and Google Pixel respectively. However both of these issues are considered intended behavior. While Pixel may introduce randomized physical kernel load addresses at some later point as a feature, there are no immediate plans to resolve the lack of randomization of the Linux kernel’s linear map on arm64.
Funny how Google is paying people to find exploits in their product, and also pays people to ignore those vulnerability reports.
Pixels seem to be pretty secure when running Graphene, from what I have heard.
I'm of the opinion, sadly, that running some custom build of Android with a few compiler options tweaked away from their defaults is probably far more secure than the latest patched versions of iOS or Android.
Yes, it is effectively security by obscurity using the fact that nobody knows exactly which compiler options you tweaked, but the reality is it works really well since almost all exploits need to know some code offsets very precisely to work.
Also, many state security agencies have a ready-to-go exploit for the latest iOS, but they don't have a team ready to assemble a custom exploit for your modded Android.