[ubuntu-hardened] Proactive security (was: More kernel patches)
ubuntu at paul.sladen.org
Thu Feb 14 20:06:35 GMT 2008
On Thu, 14 Feb 2008, Jeff Schroeder wrote:
> it is good to FINALLY see some proactive security work from the Ubuntu
I think (hope) that Ubuntu has been proactively working on security a bit
longer than that. Even the first versions had a few simple things done
differently; the "no open ports" policy, removing setuid and daemons from
running as root---even sysklogd was replaced by a copy of 'dd'!
Ubuntu even took a different direction with the splash system; Ubuntu was
shipping a system entirely based in userspace. ---No JPEG decoders in the
kernel there... ;-)
However, there is more to be done because when the improvements can be done
hand-in-hand with keeping a "Just Works" philosophy. One of those
improvements could be ensuring that good patches (such as the /dev/mem
restrictions) don't get dropped at the point they no longer easily apply but
which haven't yet made it into the main kernel tree.
Why do one side of a triangle when you can do all three. Helsinki, FI.