Revision as of 08:47, 15 June 2010
Widely Used But Out-Of-Tree
Kees Cook, Canonical
There are many security systems, features, and patches that are not in the mainline Linux kernel. Users are exposed to them in varying degrees. Many are common, yet have remained out-of-tree for a long time. Why is this? If there is such widespread use or demand, why do they remain external?
The following features will be explored and compared across distributions:
- partial NX emulation
- link restrictions
- ptrace restrictions
- chroot restrictions
- ASLR on non-x86
What can be done to help pave the way for greater acceptance of these and similar features? They all represent solutions to real problems, and many distributions have committed to maintaining them even though the features are out-of-tree. What value is there in keeping these things out of the mainline kernel when the vast majority of Linux users end up using some of them every day?