[ubuntu-hardened] Proactive security (was: More kernel patches)

Paul Sladen ubuntu at paul.sladen.org
Thu Feb 14 20:06:35 GMT 2008

On Thu, 14 Feb 2008, Jeff Schroeder wrote:
> it is good to FINALLY see some proactive security work from the Ubuntu

I think (hope) that Ubuntu has been proactively working on security a bit
longer than that.  Even the first versions had a few simples things done
different;  the "no open ports" policy, removing setuid and daemons from
running as root---even sysklogd was replaced by a copy of 'dd'!

Ubuntu even took a different direct with the splash system;  Ubuntu was
shipping a system entirely based in userspace. ---No JPEG decoders in the
kernel there... ;-)

However, there is more to be done because when the improvements can be done
hand-in-hand with keeping a "Just Works" philosophy.  One of those
improvements could be ensuring that good patches (such as the /dev/mem)
restrictions don't get dropped at the point they no longer easily apply but
which haven't yet made it into the main kernel tree.

Why do one side of a triangle when you can do all three.  Helsinki, FI.

More information about the ubuntu-hardened mailing list