Q&A: Ubuntu 9.10 security

[ Thanks to An Anonymous Reader for this link. ]

"Modern CPUs allow regions of memory to be marked as "non-executable", like the stack and heap. This puts a stop to large classes of vulnerability exploits. For systems that do not have it (or do not run in 64bit mode), Ubuntu's kernel now includes a partial form of this, emulated in the kernel by way of memory segment limits.

"AppArmor saw several improvements this cycle, and had several more profiles created including ntpd, evince, and libvirt. Additionally, experimental profiles (available for testing) were created for Firefox and Apache. The libvirt integration provides even more isolation for virtual machines running under Ubuntu."

Complete Story

Related Stories:

• The Different Ways to Execute a Linux Application(Jun 23, 2009)
• What to do if your CHMOD is not executable anymore?(May 25, 2009)
• Linux Unified Kernel -- Run Windows Applications Just Like Running a Linux Program(May 18, 2009)
• Fun with NULL pointers, part 2(Jul 31, 2009)
• A Linux security story(Jul 17, 2009)
• The Linux Safety Net: Living Fast and Dangerous(Oct 01, 2008)