dcsimg
Linux Today: Linux News On Internet Time.




More on LinuxToday


Shrinking Linux Attack Surfaces

Jul 19, 2019, 08:00 (0 Talkback[s])
(Other stories by Zack Brown)

Often, a kernel developer will try to reduce the size of an attack surface against Linux, even if it can't be closed entirely. It's generally a toss-up whether such a patch makes it into the kernel. Linus Torvalds always prefers security patches that really close a hole, rather than just give attackers a slightly harder time of it.

Matthew Garrett recognized that userspace applications might have secret data that might be sitting in RAM at any given time, and that those applications might want to wipe that data clean so no one could look at it.