Product

Edera Restores Security Benefits for Linux Application Memory Safety with OpenPaX

October 30, 2024

OpenPaX offers open source mitigations for runtime memory safety errors, unlocking developer access to critical security features while saving companies unnecessary support costs

SEATTLE, Wash., October 30, 2024 —Edera, the world’s only secure-by-design Kubernetes and AI solution, today is announcing the availability of OpenPaX. OpenPaX is an open source kernel patch that provides mitigations for common memory safety errors, re-hardening systems against application-level memory safety attacks using a simple Linux kernel patch.

It was created and is hosted by the team at Edera for the benefit of both Edera’s customers and the larger community. It’s available now under the same GPLv2 license terms as the Linux kernel.

“We are pleased to be able to bring this to the industry at large and as an integrated offering for our customers with Edera Protect,” said Ariadne Conill, distinguished engineer and co-founder at Edera and maintainer of Alpine Linux. “Until now, access to common-sense memory safety mitigations such as userspace W^X required developers and companies to license an expensive kernel patch that they could not redistribute without losing access to updated versions of the patch, arguably violating the GPL. OpenPaX changes all that for the better.”

OpenPaX is a Linux kernel patch and alternative to the original PaX patch (now distributed as part of grsecurity) on modern hardware for system administrators who need to provide a layer of defense against memory safety-related vulnerabilities. The Linux kernel community also gains access to an open source hardening patch set and some features of OpenPaX will be upstreamed as appropriate.

The introduction of OpenPaX is good news for Linux distros. Alpine Linux, for example, will return to shipping a PaX-enabled kernel in 3.21 as a technical preview. Further integration will happen in Alpine 3.22.

OpenPaX is the latest innovation from the engineering team at Edera, which recently introduced Edera Protect Kubernetes and Edera Protect AI and its $5 million seed round. Using type 1 hypervisor technology, Edera offers isolation at the container level, changing the way containers run and making container escapes impossible once and for all. This is incredibly relevant to developers running AI workloads, who need to reduce costs and risks associated with running GPUs. Companies both large and small can plug Edera in seamlessly and are poised to save millions in cloud costs.

Edera will use OpenPaX to support its mitigation against memory safety-related vulnerabilities in workloads, further improving the security of its customers’ infrastructure.

To get started with OpenPaX, please visit: http://github.com/edera-dev/linux-openpax

About Edera

Edera is changing the way containers are run and secured, making isolation a reality and fundamentally transforming computing in the process. It is an enterprise infrastructure company that delivers container isolation for the first time by using a type 1 hypervisor and a memory-safe Rust control plane. It enables security engineers to achieve multi-tenancy Kubernetes and AI workload security in a way that is secure from the start, simple and cost-effective. Edera is female founded and places the same value on soft and hard skills to create a balanced and innovative company and considers diversity of experience and thought a non-negotiable. For more information, please visit: https://edera.dev/

Media Contact for Edera

Jennifer Cloer

503-867-2304

jennifer@storychangesculture.com

‍

Authors

Edera Team

Share with the world

Copy link

https://edera-main.webflow.io/stories/

edera-restores-security-benefits-for-linux-application-memory-safety-with-openpax

About Edera

Introducing secure-by-design AI and Kubernetes no matter where you run your infrastructure. Security simplified.