About Ubuntu security
James Strandboge
jamie at strandboge.com
Tue Jul 31 01:10:39 UTC 2007
On Mon, 2007-07-30 at 17:29 -0700, Kees Cook wrote:
> I am currently unaware of any in-kernel memory segmentation plans.
> There are upstream plans to implement a form of stack-protection for
> kernel functions, which should help minimize some attack vectors in
> buggy drivers.
Remember you can use capabilities to prevent loading of modules, so you
can prevent those buggy drivers from loading at all. See:
man capabilities
man lcap (lcap is in universe)
http://www.debian.org/doc/manuals/securing-debian-howto/securing-debian-howto.en.txt (section 10.4.2.1)
Jamie Strandboge
More information about the ubuntu-server
mailing list