Security



One of the most notable additions to Linux 2.6 was SELinux, a security layer provided in part by the NSA that allowed for finer-grained access controls. This functionality was optional, and most Linux distributions either configure SELinux in more limited ways or exclusively use the classic UNIX-style permissions system. Linux 3.0 builds on this by bringing in a number of additional security features which make it even better suited for critical tasks.



First, in addition to SELinux, three additional security layers have been provided in Linux 3.0. These layers, still optional, give administrators a choice as to what type of security is most appropriate for their environment. The three new layers available in Linux 3.0 are AppArmor, SMACK (“Simplified Mandatory Access Control Kernel”) and TOMOYO. The general goal of these approaches is the same as that of SELinux: to define a tight set of things that running applications can do, and prevent them from doing anything else. In general, these other approaches are simpler to configure than SELinux and represent a compromise between higher security and system maintainability. Individual features differ, and a security administrator should weigh the benefits of each before implementation.



Another security improvement in Linux 3.0 is the development of eCryptFS. This module allows for software encryption to be overlaid on top of any of Linux's existing filesystems on a file-by-file basis, including network filesystems like NFS. This method is more flexible than requiring the filesystem to understand encryption itself, and does not require an encrypted block device. In addition to the new filesystem, Linux 3.0 also includes the capability to store and manage the encryption keys that are required for this and other encryption subsystems.


 

And finally, Linux has made many smaller security improvements, more than could be listed. Key among these are improved randomization of memory addressing for processes (to make it much more difficult for an attacker to overwrite memory with an exploit), implementation of a non-executable stack to reduce the risk of many kinds of security holes from poor programming, and a new Secure Computing Mode which allows the kernel to “sandbox” a process to a restricted set of things that it can do. This allows for more careful execution of untrusted code, for example. Linux 3.0 even allows the kernel messages to be hidden from untrusted users. These changes make Linux an overall better choice in trusted environments.
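A defender's check for the features described above, as an added example that is not part of the original article: it reads the files the kernel exposes for these settings and flags weak values. The paths and value meanings are those of current mainline kernels, which is an assumption relative to the release discussed here, and the sample inputs are constructed.

```python
from pathlib import Path

ASLR = {"0": "off", "1": "stack/mmap/vdso", "2": "stack/mmap/vdso + heap"}
SECCOMP = {"0": "disabled", "1": "strict", "2": "filter"}
MAC_LSMS = {"selinux", "apparmor", "smack", "tomoyo"}
PATHS = ["/proc/sys/kernel/randomize_va_space", "/proc/sys/kernel/dmesg_restrict",
         "/sys/kernel/security/lsm", "/proc/self/status", "/proc/self/maps"]
# Constructed sample contents of the five files above (not from a real host).
SAMPLE = ["1\n", "0\n", "capability,yama,apparmor\n",
          "Name:\tdemo\nSeccomp:\t2\nSeccomp_filters:\t1\n",
          "7ffc0000-7ffd0000 rwxp 00000000 00:00 0    [stack]\n"]

def audit(aslr, dmesg, lsm, status, maps):
    """Each argument is the raw text of one kernel file, or None if unreadable."""
    report = {"aslr": ASLR.get((aslr or "").strip(), "unknown"),
              "dmesg_restricted": (dmesg or "").strip() == "1",
              "seccomp": "unknown", "stack_executable": None}
    active = {name.strip() for name in (lsm or "").split(",")}
    report["mac_lsms"] = sorted(active & MAC_LSMS)
    for line in (status or "").splitlines():
        if line.startswith("Seccomp:"):          # skips "Seccomp_filters:"
            report["seccomp"] = SECCOMP.get(line.split()[1], "unknown")
    for line in (maps or "").splitlines():
        fields = line.split()
        if fields and fields[-1] == "[stack]":
            report["stack_executable"] = "x" in fields[1]   # perms, e.g. rw-p
    return report

def findings(report):
    """Settings a hardening review would flag."""
    issues = []
    if report["aslr"] != ASLR["2"]:
        issues.append("address randomization below full strength")
    if not report["dmesg_restricted"]:
        issues.append("kernel messages readable by unprivileged users")
    if not report["mac_lsms"]:
        issues.append("no mandatory access control layer active")
    if report["stack_executable"]:
        issues.append("stack mapped executable")
    return issues

def read(path):
    try:
        return Path(path).read_text()
    except OSError:
        return None

if __name__ == "__main__":
    for name, texts in (("sample", SAMPLE), ("live", [read(p) for p in PATHS])):
        report = audit(*texts)
        print(name, report, findings(report))
```

The seccomp value reported for the live run describes the auditing process itself; to inspect another process, pass the text of its own `/proc/<pid>/status` and `/proc/<pid>/maps`.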


 

