User: Password:
Subscribe / Log in / New account

Yama: not so fast

Yama: not so fast

Posted Aug 5, 2010 22:09 UTC (Thu) by Cyberax (✭ supporter ✭, #52523)
In reply to: Yama: not so fast by spender
Parent article: Yama: not so fast

I'm of opinion that too much security == no security.

My systems run a fair amount of legacy code, but I was able to migrate all of it to LXC. It's even feasible to isolate it even further using Xen/KVM now, because hardware is so damn cheap. So adding protections to 'chroot' just isn't worth it, IMO. Actually, it should be possible to reimplement chroot on top of containers.

Some features of grsecurity would better be generalized. For example, IP address tracking should be generalized to other types of metadata (what if I use IP-less protocols?).

Personally, I'd like to see some of features of grsecurity in the mainline kernel. Though I don't really care about a lot of other features...

(Log in to post comments)

Copyright © 2018, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds