 RANDSTRUCT works by introducing variability in how data structures are organized in memory. This means that each time an application runs, the layout of its data structures is different, making it harder for attackers to exploit predictable patterns.

160ed04091

I explained a bit on it here: https://stacker.news/items/670170

In a short description, randstruct just makes certain types of memory-based exploitation in the Linux Kernel harder by randomizing the order of memory structures. It's just another piece of hardening added to GrapheneOS recently.

final

Thanks for this post. It's over my head technically, but I guess more robust security is a good thing.