LinuxSecurity.com: Linux 2.4: Next Generation Kernel Security
Mar 01, 2001, 20:47
(Other stories by Dave Wreski)
"This document outlines the kernel security improvements that have been made in the 2.4 kernel. A number of significant improvements including cryptography and access control make 2.4 a serious contender for secure corporate environments as well as private virtual networking."
"One of the most obvious and significant improvements in the 2.4 kernel is the packet filtering capabilities. However, there are a number of other improvements that make Linux one of the most secure operating systems available."
"Quite a number of improvements have been made since the crypto that was developed for the 2.2 kernel. Alexander writes, 'Previously cipher modules could be looked up by number or by name. This was to be compatible with the old /dev/loop interface that requested "transforms" by number. In 2.4, the numbering scheme is removed which means that users no longer have to include a lot of entries into /etc/modules.conf to use encrypted block devices. It also means that other developers that want to create their own module for various projects don't have to allocate global "IDs" for their modules.' Alexander continues by stating that he is confident that crypto will be integrated into the kernel, but feels there are some further code changes that need to be made before this can be done. Once these final code changes are complete, the group will push further for inclusion in the mainline kernel tree."