SecurityFocus: Linux Kernel Hardening

Warren Togami warren at togami.com
Fri Jan 25 01:36:59 PST 2002


http://securityfocus.com/infocus/1539

This is a brief article talking about the Openwall and LIDS kernel patches
that add more security stuff to the Linux kernel.

I'm personally convinced that these approaches of using capabilities isn't
the way to go, and instead Linux Virtual Server and other virtualization
methods are the best way to be ultra secure.  When you have read-only
filesystems, unfoolable tripwire and isolated logs that are IMPOSSIBLE to be
modified even if root is cracked, I think that's a better deal than
capabilities alone.



More information about the LUAU mailing list