From C to Kernel Defense: A Practitioner's Guide to Linux Kernel Security
textbook authors: Bommarito, M. J.
year: 2026
venue: Self-published (draft)
details: Draft manuscript (v0.1, 373 pages, 21 chapters). A C-first, hands-on progression from pointer arithmetic to writing Linux kernel defenses, organized around the offense-defense arms race: every defense exists because someone broke the previous one. Four parts move from C and systems (memory model, the heap, ELF, x86_64 assembly, the syscall boundary) through kernel internals (modules, the SLUB allocator, concurrency, the network stack, credentials) to offensive technique (vulnerability classes, info leaks and KASLR, heap spray, cross-cache, control-flow hijacking, data-only attacks, the 2026 page-cache-write family) and defense (the mitigation catalog, a quantified defense-technique effectiveness matrix, writing your own defenses, and where the arms race goes next). Every exploit is paired with the defense that stops it and every defense with the technique that bypasses it; every claim is pinned to a CVE, commit SHA, or kernel source file:line at a fixed version (v7.1-rc4), and ships with a companion open-source lab of runnable samples and automated tests. Not for citation.
citation
Bommarito, M. J. (2026). From C to Kernel Defense: A Practitioner's Guide to Linux Kernel Security. Self-published (draft).