About Ubuntu security

James Strandboge jamie at strandboge.com
Tue Jul 31 01:10:39 UTC 2007


On Mon, 2007-07-30 at 17:29 -0700, Kees Cook wrote:

> I am currently unaware of any in-kernel memory segmentation plans.
> There are upstream plans to implement a form of stack-protection for
> kernel functions, which should help minimize some attack vectors in
> buggy drivers.

Remember you can use capabilities to prevent loading of modules, so you
can prevent those buggy drivers from loading at all.  See:

man capabilities
man lcap (lcap is in universe)
http://www.debian.org/doc/manuals/securing-debian-howto/securing-debian-howto.en.txt (section 10.4.2.1)

Jamie Strandboge
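
As an added example (not part of the original message, and not code from lcap or Ubuntu), the script below checks whether CAP_SYS_MODULE is still present in a process's capability bounding set, which is how an administrator can confirm that module loading has been locked down. It assumes a kernel that exposes a `CapBnd:` line in `/proc/<pid>/status`; the function names are hypothetical and the sample masks are constructed.

```shell
#!/bin/sh
# Added example: report whether CAP_SYS_MODULE is in a capability bounding set.
# Assumption: the kernel exposes a "CapBnd:" hex mask in /proc/<pid>/status.

CAP_SYS_MODULE_BIT=16   # value of CAP_SYS_MODULE in <linux/capability.h>

# mask_has_cap HEXMASK BIT
# Returns 0 if BIT is set in HEXMASK, 1 if it is clear, 2 if HEXMASK is not hex.
mask_has_cap() {
    case $1 in
        ''|*[!0-9a-fA-F]*) return 2 ;;
    esac
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# capbnd_of: read /proc/<pid>/status text on stdin, print the CapBnd mask.
# Exits non-zero when no CapBnd line is present.
capbnd_of() {
    awk '$1 == "CapBnd:" { print $2; found = 1 } END { exit !found }'
}

# module_loading_verdict: read status text on stdin and print
#   allowed  - CAP_SYS_MODULE is in the bounding set
#   blocked  - CAP_SYS_MODULE has been dropped from the bounding set
#   unknown  - no usable CapBnd line was found
module_loading_verdict() {
    mask=$(capbnd_of) || { echo unknown; return 0; }
    rc=0
    mask_has_cap "$mask" "$CAP_SYS_MODULE_BIT" || rc=$?
    case $rc in
        0) echo allowed ;;
        1) echo blocked ;;
        *) echo unknown ;;
    esac
}

# Constructed sample input in /proc/<pid>/status format (not from a real host).
printf 'Name:\tinit\nCapBnd:\t000001ffffffffff\n' | module_loading_verdict  # allowed
printf 'Name:\tinit\nCapBnd:\t000001fffffeffff\n' | module_loading_verdict  # blocked

# Live check of the current shell, where /proc is available.
if [ -r /proc/self/status ]; then
    module_loading_verdict < /proc/self/status
fi
```

A "blocked" result only describes the process whose status was read, so run the check against the processes that matter, for example `module_loading_verdict < /proc/1/status`.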





More information about the ubuntu-server mailing list