There are new two vulnerabilities have been discovered in the Debian Linux kernel that may lead to a denial of service or arbitrary code execution. The Common Vulnerabilities and Exposures project identifies the following problems:
=> Package : linux-2.6
=> Vulnerability : heap overflow
=> Problem type : local/remote
=> Debian-specific: no
=> CVE Id(s) : CVE-2008-1673 CVE-2008-2358
How do I fix this problem
Type the following command to update the internal database and to install corrected packages:
# apt-get update
# apt-get upgrade
A sudden outburst of violent disk I/O activity can bring down your email or web server. Usually, a web / mysql or mail server serving millions and millions pages per months are prone to this kind of problem. Backup activity can increase current system load. To avoid this kind of sudden outburst problem, run your script with scheduling class and priority. Linux comes with various utilities to manage this kind of madness.
[click to continue…]
Nice introduction to SELinux and other option to enhance Linux security. Mandatory access control and role-based access control are relatively new to the Linux kernel. With the introduction of the LSM framework, new security modules will certainly become available. In addition to enhancements to the framework, it's possible to stack security modules, allowing multiple security modules to coexist and provide maximum coverage for Linux's security needs. New access-control methods will also be introduced as research into operating system security continues. From the article:
Linux has been described as one of the most secure operating systems available, but the National Security Agency (NSA) has taken Linux to the next level with the introduction of Security-Enhanced Linux (SELinux). SELinux takes the existing GNU/Linux operating system and extends it with kernel and user-space modifications to make it bullet-proof. If you're running a 2.6 kernel today, you might be surprised to know that you're using SELinux right now! This article explores the ideas behind SELinux and how it's implemented.
=> Anatomy of Security-Enhanced Linux (SELinux) Architecture and implementation
SCO already filed for bankruptcy and now Darl McBride Testified:
Linux is a copy of UNIX, there is no difference
First, Linux is kernel and not operating system. Linux distribution includes Linux kernel, GNU utilities, compilers and installation / management software. This guys is lying and nothing else.
Hans was deeply involved in Linux kernel development with his widespread ReiserFS journaling file system and its successor Reiser4. Reiser's estranged wife, Nina Reiser, disappeared on September 3, 2006; Reiser was convicted of her murder on April 28, 2008:
Jurors found Linux programmer Hans Reiser guilty of first degree murder on Monday, concluding he killed his estranged wife in 2006. The verdict followed a nearly six-month trial and nearly three days of deliberation
The 44-year-old developer of the ReiserFS filesystem, sat quietly as a clerk for Alameda County Superior Court Judge Larry Goodman read the verdict. Reiser faces a mandatory sentence of 25 years to life in prison. Wearing the same dark coat he's worn for months, the defendant was immediately removed from the courtroom by one of four bailiffs watching over the courtroom. He asked out loud if he could speak with his attorney.
In a murder case with no body, no crime scene, no reliable eyewitness and virtually no physical evidence, the prosecution began the trial last November with a daunting task ahead.
A report from the Linux Foundation details individual kernel contributions and suggests enterprise use is expanding. However there is elite group inside community. During the past three years, the top 10 individual developers have contributed nearly 15 per cent of the changes to the kernel, while the top 30 developers have submitted 30 per cent, the report states.
Al Viro, David S. Miller and Adrian Bunk authored most of the patches; Andrew Morton came in fifth. Linus Torvalds, the creator of Linux, is found far down on the list. Viro has contributed 1,571 changes to the kernel, which sits at the core of the Linux operating system, over the past three years.
According to Jim Zemlin, executive director at The Linux Foundation:
Never before in the history of computing have there been so many companies, users and developers united behind one project, specifically one that has seen so much commercial success.
Some interesting facts about Linux kernel
Who is Writing Linux?
- Every Linux kernel is being developed by nearly 1,000 developers working for more than 100 different corporations.
Who is Sponsoring Linux?
- More than 70 percent of total contributions to the kernel come from developers working at a range of companies including IBM, Intel, The Linux Foundation, MIPS Technology, MontaVista, Movial, NetApp, Novell and Red Hat.
How Fast is Linux Developed and Released?
- An average of 3,621 lines of code are added to the kernel tree every day, and a new kernel is released approximately every 2.7 months.
=> Linux Foundation Publishes Study on Linux Development Statistics: Who Writes Linux and Who Supports It
Interesting idea that explains how to build awesome secure and portable system using Linux. From the article:
I designed this system with both security and portability in mind. My system uses a Linux kernel and the entire thing, applications, personal data, etc, takes up 1GB of space. It is split up into two parts, the operating system, and my personal data. The operating system is a 700MB live-CD, GRML, that generates a completely fresh install every single time I boot up the computer. Doing this means that if my system is ever hacked into, a simple restart of my computer fixes the problem. This also means that any configuration changes made or private information stored by any application, restarting reverts everything to a clean slate.
The personal data is encrypted using an AES-256 algorithm. The password I type in actually unlocks a special encrypted file which unlocks the real encryption information, meaning that my actual password is never stored in RAM (more specifically, DRAM). To prevent highly sensitive information from being discovered by remote hackers, which this layer of encryption would not protect against, an extra layer of encryption using either GPG or AES-256 provides two layers of encryption for highly sensitive data.
=> My Awesome Secure and Portable System