Language Selection

English French German Italian Portuguese Spanish

Overview of Linux Kernel Security Features

Filed under
Linux

In this article, we'll take a high-level look at the security features of the Linux kernel. We'll start with a brief overview of traditional Unix security, and the rationale for extending that for Linux, then we'll discuss the Linux security extensions.

Unix Security – Discretionary Access Control

Linux was initially developed as a clone of the Unix operating system in the early 1990s. As such, it inherits the core Unix security model—a form of Discretionary Access Control (DAC). The security features of the Linux kernel have evolved significantly to meet modern requirements, although Unix DAC remains as the core model.

Briefly, Unix DAC allows the owner of an object (such as a file) to set the security policy for that object—which is why it's called a discretionary scheme. As a user, you can, for example, create a new file in your home directory and decide who else may read or write the file. This policy is implemented as permission bits attached to the file's inode, which may be set by the owner of the file. Permissions for accessing the file, such as read and write, may be set separately for the owner, a specific group, and other (i.e. everyone else). This is a relatively simple form of access control lists (ACLs).

rest here




More in Tux Machines

Today in Techrights

Edubuntu Vs UberStudent: Return To College With The Best Linux Distro

Importantly, there are a handful of programs that are on Edubuntu that UberStudent doesn’t have, such as KAlgebra, Kazium, KGeography, and Marble. Instead, UberStudent has a smaller collection of applications but it does include some useful items when it comes to writing papers that Edubuntu does not have. So ultimately, Edubuntu includes more programs that are information-heavy, while UberStudent includes more tools that can aid students in their studies but doesn’t directly give them any sort of information. Read more

Zotac Nvidia Jetson TK1 review

The Jetson TK1, Nvidia’s first development board to be marketed at the general public, has taken a circuitous route to our shores. Unveiled at the company’s Graphics Technology Conference earlier this year, the board launched in the US at a headline-grabbing price of $192 but its international release was hampered by export regulations. Zotac, already an Nvidia partner for its graphics hardware, volunteered to sort things out and has partnered with Maplin to bring the board to the UK. In doing so, however, the price has become a little muddled. $192 – a clever dollar per GPU core – has become £199.99. Compared to Maplin’s other single-board computer, the sub-£30 Raspberry Pi, it’s a high-end item that could find itself priced out of the reach of the company’s usual customers. Read more

New Human Interface Guidelines for GNOME and GTK+

I’ve recently been hard at work on a new and updated version of the GNOME Human Interface Guidelines, and am pleased to announce that this will be ready for the upcoming 3.14 release. Over recent years, application design has evolved a huge amount. The web and native applications have become increasingly similar, and new design patterns have become the norm. During that period, those of us in the GNOME Design Team have worked with developers to expand the range of GTK+’s capabilities, and the result is a much more modern toolkit. Read more