Container security company Edera is working to improve application-level memory safety in Linux with the release of OpenPaX, an open source kernel patch that mitigates common memory safety errors.
It was initially created to benefit Edera’s own customers, but the company decided to open source it to make it available to the broader community.
The name is a reference to the PaX patch for Linux, which adds security enhancements to the kernel. OpenPaX builds on those hardening capabilities and extends them to protect against memory safety vulnerabilities.
“We are pleased to be able to bring this to the industry at large and as an integrated offering for our customers with Edera Protect,” said Ariadne Conill, distinguished engineer and co-founder at Edera and maintainer of Alpine Linux. “Until now, access to common-sense memory safety mitigations such as userspace W^X required developers and companies to license an expensive kernel patch that they could not redistribute without losing access to updated versions of the patch, arguably violating the GPL. OpenPaX changes all that for the better.”
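As an added illustration of what userspace W^X means in practice (example code written for this article, not part of OpenPaX or Edera's code), the C probe below reports whether the running kernel refuses writable-and-executable memory, both for a direct RWX mapping and for an RW mapping later upgraded to RWX. It assumes a Linux/glibc host; SELinux execmem rules or seccomp filters can also refuse these calls, so a refusal shows that some W^X policy is active, not which one.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Try to create one anonymous page with the given protection bits.
 * Returns 1 if the kernel granted it, 0 if refused (errno stored in *err_out). */
int mapping_allowed(int prot, int *err_out) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, page, prot, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) {
        if (err_out) *err_out = errno;
        return 0;
    }
    munmap(p, page);
    return 1;
}

/* Second route a W^X policy must close: map RW first, then ask mprotect()
 * to add PROT_EXEC. A PaX-style MPROTECT policy refuses this transition. */
int mprotect_to_rwx_allowed(int *err_out) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, page, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) {
        if (err_out) *err_out = errno;
        return 0;
    }
    int rc = mprotect(p, page, PROT_READ | PROT_WRITE | PROT_EXEC);
    if (rc != 0 && err_out) *err_out = errno;
    munmap(p, page);
    return rc == 0;
}

/* 1 when both W+X routes are refused, i.e. userspace W^X appears enforced. */
int wx_enforced(void) {
    int e = 0;
    int direct = mapping_allowed(PROT_READ | PROT_WRITE | PROT_EXEC, &e);
    int upgrade = mprotect_to_rwx_allowed(&e);
    return !direct && !upgrade;
}

int main(void) {
    int e1 = 0, e2 = 0;
    int direct = mapping_allowed(PROT_READ | PROT_WRITE | PROT_EXEC, &e1);
    int upgrade = mprotect_to_rwx_allowed(&e2);
    printf("direct RWX mmap:      %s\n", direct ? "allowed" : strerror(e1));
    printf("RW -> RWX mprotect:   %s\n", upgrade ? "allowed" : strerror(e2));
    printf("userspace W^X policy: %s\n", wx_enforced() ? "enforced" : "not enforced");
    return 0;
}
```

Run it on a stock distribution kernel and both calls normally succeed; on a kernel carrying OpenPaX with the MPROTECT restriction active they should be refused.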
The project is now available on GitHub, and Edera plans to continue releasing useful features upstream when possible.
This announcement follows Edera’s recent news of a $5 million seed funding round. The company uses a type 1 hypervisor to provide isolation at the container level, which will help eliminate container escapes.