Language Selection

English French German Italian Portuguese Spanish

Overview of Linux Kernel Security Features

Filed under
Linux

In this article, we'll take a high-level look at the security features of the Linux kernel. We'll start with a brief overview of traditional Unix security, and the rationale for extending that for Linux, then we'll discuss the Linux security extensions.

Unix Security – Discretionary Access Control

Linux was initially developed as a clone of the Unix operating system in the early 1990s. As such, it inherits the core Unix security model—a form of Discretionary Access Control (DAC). The security features of the Linux kernel have evolved significantly to meet modern requirements, although Unix DAC remains as the core model.

Briefly, Unix DAC allows the owner of an object (such as a file) to set the security policy for that object—which is why it's called a discretionary scheme. As a user, you can, for example, create a new file in your home directory and decide who else may read or write the file. This policy is implemented as permission bits attached to the file's inode, which may be set by the owner of the file. Permissions for accessing the file, such as read and write, may be set separately for the owner, a specific group, and other (i.e. everyone else). This is a relatively simple form of access control lists (ACLs).

rest here




More in Tux Machines

today's howtos

GNOME: Mutter, gresg, and GTK

  • Mutter 3.25.2 Has Bug Fixes, Some Performance Work
    Florian Müllner has pushed out an updated Mutter 3.25.2 window manager / compositor release in time for the GNOME 3.25.2 milestone in the road to this September's GNOME 3.26 release. Mutter 3.25.2 has a number of fixes ranging from fixing frame updates in certain scenarios, accessible screen coordinates on X11, some build issues, and more.
  • gresg – an XML resources generator
    For me, create GTK+ custom widgets is a very common task. Using templates for them, too.
  • Free Ideas for UI Frameworks, or How To Achieve Polished UI
    Ever since the original iPhone came out, I’ve had several ideas about how they managed to achieve such fluidity with relatively mediocre hardware. I mean, it was good at the time, but Android still struggles on hardware that makes that look like a 486… It’s absolutely my fault that none of these have been implemented in any open-source framework I’m aware of, so instead of sitting on these ideas and trotting them out at the pub every few months as we reminisce over what could have been, I’m writing about them here. I’m hoping that either someone takes them and runs with them, or that they get thoroughly debunked and I’m made to look like an idiot. The third option is of course that they’re ignored, which I think would be a shame, but given I’ve not managed to get the opportunity to implement them over the last decade, that would hardly be surprising. I feel I should clarify that these aren’t all my ideas, but include a mix of observation of and conjecture about contemporary software. This somewhat follows on from the post I made 6 years ago(!) So let’s begin.

Distro News: Alpine, Devuan, and openSUSE

OSS Leftovers