Archive for the ‘security’ Category

TPM2 and Linux (Intel NUC + TPM2 + Linux)

Back to school: Learning security in Linux: old and new stuff

Linux Security: Securing and Hardening Linux Production Systems

And Ubuntu has a matrix to show its security features:

Seccomp and Sandboxing:

“What the Chrome developers would like is a more flexible way of specifying which system calls can be run directly by code inside the sandbox.One suggestion that came out was to add a new “mode” to seccomp. The API was designed with the idea that different applications might have different security requirements; it includes a “mode” value which specifies the restrictions that should be put in place. Only the original mode has ever been implemented, but others can certainly be added. Creating a new mode which allowed the initiating process to specify which system calls would be allowed would make the facility more useful for situations like the Chrome sandbox.”

Bypassing module_disabled functionality (disabling kernel modules loading):

%d bloggers like this: