Q&A: Ubuntu 9.10 security
Nov 06, 2009, 07:34
(Other stories by Mirko Zorz)
[ Thanks to An Anonymous Reader for this link. ]
"Modern CPUs allow regions of memory to be marked as
"non-executable", like the stack and heap. This puts a stop to
large classes of vulnerability exploits. For systems that do not
have it (or do not run in 64-bit mode), Ubuntu's kernel now includes
a partial form of this, emulated in the kernel by way of memory

"AppArmor saw several improvements this cycle, and had several
more profiles created including ntpd, evince, and libvirt.
Additionally, experimental profiles (available for testing) were
created for Firefox and Apache. The libvirt integration provides
even more isolation for virtual machines running under Ubuntu."