Linux Security News Archives
SELinux Seeing Performance Improvements With Linux 5.7

When we last looked at the performance impact of having SELinux enabled a few months back, there was a hit, but it was not too bad for most workloads. We'll need to take another look soon, as the Linux 5.7 kernel brings some performance improvements and more for SELinux.

2 April 2020 - Linux 5.7 SELinux - 5 Comments
Linux 5.6 Crypto Code Brings The New AMD TEE Driver

Herbert Xu sent in all of the crypto subsystem changes on Tuesday for the in-development Linux 5.6 kernel. What interests us most in this crypto work is the AMD Trusted Execution Environment (TEE) driver.

28 January 2020 - Trusted Execution - 5 Comments
Google's Kernel Runtime Security Instrumentation (KRSI) Is Something To Look Forward To In 2020

Back in September there was an initial "request for comments" by Google on some kernel work they are doing with Kernel Runtime Security Instrumentation (KRSI) for providing eBPF-powered security helpers, ultimately for creating dynamic MAC and audit policies. Just before Christmas, the first official version of this new eBPF-based instrumentation was sent out, and it is being prepared for deployment within Google.

31 December 2019 - Linux KRSI - 17 Comments
Kernel Address Space Isolation Is Still Being Explored For Better Security

IBM developers and others continue exploring the potential for address space isolation in the Linux kernel to reduce the risk of leaking sensitive data in attacks like L1 Terminal Fault (L1TF), MDS, and other vulnerabilities. This does, however, increase the complexity of the kernel code, and the performance hit is still to be evaluated.

2 November 2019 - Address Space Isolation - 1 Comment
Landlock Revved An 11th Time For Unprivileged Yet Powerful Security Sandboxes

We first wrote about the Landlock Linux security module in 2016 with its aspirations for offering powerful security sandboxing abilities. Landlock has seen revisions every few months and this week marks the 11th time the patches have been volleyed for this interesting sandboxing Linux Security Module (LSM).

30 October 2019 - Landlock LSM - 1 Comment
Linux "Lockdown" Patches Hit Their 40th Revision

The long-running Linux "Lockdown" patches were sent out again overnight for the 40th time, but it remains to be seen if these security-oriented patches will be pulled in for the upcoming Linux 5.4 cycle.

20 August 2019 - Linux Lockdown v40 - 3 Comments
CVE-2019-1125 "SWAPGS" Is The Newest Spectre Vulnerability

CVE-2019-1125, also referred to as the "SWAPGS" vulnerability, was made public today as a new variant of Spectre V1 affecting Windows and Linux with Intel (and according to mixed information, AMD - though the current Linux kernel patches at least seem to only apply to Intel) x86_64 processors.

6 August 2019 - CVE-2019-1125 - 27 Comments

147 Linux Security news articles published on Phoronix.