Grsecurity is a Linux kernel hardening patch. The PaX patchset it includes pioneered some security features like ASLR which where later included in basically every operating system. But the patch itself is still standalone (not included mainline), so most Linux users...
Desktop and laptop PCs designed to run Windows will now only run a boot loader signed by Microsoft or by their manufacturer, unless manually reconfigured. Several Linux distributions now include the necessary chain of signed code, but for various reasons Debian...
Linux has multiple access-control features, which help to contain the damage from a malicious process. However, it is difficult and complex, especially for unprivileged users, to create a sandboxed application because of the currently administrator-oriented security....
This talk describes how the Linux kernel development model works, what a long term supported kernel is, and why all Linux-based systems devices should be using all of the stable releases and not attempting to pick and choose random patches. It also goes into how the...
The Kernel Self-Protection Project focuses on addressing gaps in Linux’s defensive technologies. With Linux reaching into every corner of modern life, and userspace frequently being very locked-down, the kernel has become an ever-increasing target for attackers and...
