Linux

65189 readers

527 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
No misinformation
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 7 years ago

MODERATORS

nooter692@lemmy.ml

MarcellusDrum@lemmy.ml

cypherpunks@lemmy.ml

cyclohexane@lemmy.ml

192

Dirty Frag: Universal Linux LPE - allows any unprivileged local user to gain root access on a vulnerable Linux system - no patch available (github.com)

submitted 5 days ago by rabber@lemmy.ca to c/linux@lemmy.ml

78 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] Ooops@feddit.org 5 points 4 days ago

Setups like Android or those new fancy ummutable distros don't actually make anything more secure. If the underlying OS is drectly exploited they don't protect you. Not having a mechanism included to get you root permissions regularly, doesn't help you against exploits achieving the same in unplanned ways. In fact -allthough that's a minor issue- you can probably specifically target the latter distros even after a patch: After all we are talking about direct changes to binary code here. On that level you could get ideas about manipulating the overlay to access the unpatched files.

In the end the most effective way to be more secure is not a mass produced thing like Android that locks out everyone (and not even being that good at it because there are masses working to circumvent it to get control over their device back), but to minimise you attack surface: Don't have stuff activated you don't need. Have a kernel compiled for your device with only exactly the components you really need. Or whitelist all kernel modules you need and nothing more. Explicitly declare what a user can do and access actively (see: SELinux, AppArmor with strict policies) instead of relying on the underlying passive permission system.