LinuxCon: Exploits Show Linux Is Vulnerable
Aug 10, 2010, 21:06 (6 Talkback[s])
(Other stories by Sean Michael Kerner)
Re-Imagining Linux Platforms to Meet the Needs of Cloud Service Providers
[ Thanks to Naomi for this link.
"There is a widely held belief that Linux is a
completely secure operating system. But to Brad Spengler of the
grsecurity project, the belief is far from accurate. And he has the
kernel exploits to prove it.
"Speaking at the Linux security summit during the Linux
Foundation's LinuxCon conference here this week, Spengler described
how his efforts have resulted in Linux becoming more hardened for
security, even though his approach -- developing Linux kernel
exploits -- may be viewed with suspicion by some.
"For instance, he said he created a Linux kernel exploit system
called Enlightenment that ultimately won him some negative interest
from the U.S.'s National Security Agency (NSA). According to
Spengler, Enlightenment can disable Linux access control policy,
including features such as Security-Enhanced Linux (SELinux) and
AppArmor -- and in doing so, proves an important point, he