Not logged in
Log in now
Create an account
Subscribe to LWN
LWN.net Weekly Edition for May 23, 2013
An "enum" for Python 3
An unexpected perf feature
LWN.net Weekly Edition for May 16, 2013
A look at the PyPy 2.0 release
How do they intend to divine which mainline patches are security-sensitive?
The embedded long-term support initiative
Posted Oct 30, 2011 7:23 UTC (Sun) by raven667 (subscriber, #5198)
Posted Oct 30, 2011 8:44 UTC (Sun) by Cyberax (✭ supporter ✭, #52523)
Posted Oct 30, 2011 14:56 UTC (Sun) by vonbrand (subscriber, #4458)
Kernel is insanely vulnerable anyway.
Care to quantify and prove this?
Posted Oct 30, 2011 17:43 UTC (Sun) by raven667 (subscriber, #5198)
Posted Oct 31, 2011 10:43 UTC (Mon) by paulj (subscriber, #341)
Virtualisation does not seem a solution to me. Any systematic solution to security of hypervisors seems like it'd apply equally well to traditional kernels, surely?
Posted Oct 31, 2011 18:04 UTC (Mon) by raven667 (subscriber, #5198)
Posted Oct 30, 2011 21:37 UTC (Sun) by Cyberax (✭ supporter ✭, #52523)
Linux may be somewhat secure if one limits it to simple routing and firewall-related tasks. It's certainly not secure if one decides to use it, for example, to host world-accessible NFS shares or try to contain malicious local users.
And by this point in time, it can't really be fixed short of rewriting it in a safe language.
Posted Oct 31, 2011 7:37 UTC (Mon) by Lionel_Debroux (subscriber, #30014)
A way to get a more secure Linux kernel is to use the large PaX/grsecurity patch, which prevents a number of classes of vulnerabilities from successful exploitation.
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds