SecurityFocus: Linux Kernel Hardening
Warren Togami
warren at togami.com
Fri Jan 25 01:36:59 PST 2002
http://securityfocus.com/infocus/1539
This is a brief article talking about the Openwall and LIDS kernel patches
that add more security stuff to the Linux kernel.
I'm personally convinced that these approaches of using capabilities isn't
the way to go, and instead Linux Virtual Server and other virtualization
methods are the best way to be ultra secure. When you have read-only
filesystems, unfoolable tripwire and isolated logs that are IMPOSSIBLE to be
modified even if root is cracked, I think that's a better deal than
capabilities alone.
More information about the LUAU
mailing list