Q&A: Ubuntu 9.10 security

[ Thanks to An Anonymous Reader for this link. ]

“Modern CPUs allow regions of memory to be marked as
“non-executable”, like the stack and heap. This puts a stop to
large classes of vulnerability exploits. For systems that do not
have it (or do not run in 64bit mode), Ubuntu’s kernel now includes
a partial form of this, emulated in the kernel by way of memory
segment limits.

“AppArmor saw several improvements this cycle, and had several
more profiles created including ntpd, evince, and libvirt.
Additionally, experimental profiles (available for testing) were
created for Firefox and Apache. The libvirt integration provides
even more isolation for virtual machines running under Ubuntu.”
