© SANS Institute 2003, Author retains full rights
Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46
Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46
© SANS Institute 2003, As part of the Information Security Reading Room. Author retains full rights.
hardening techniques at the application level are typically inadequate as a means in
protecting the rest of the system from flaws in the applications. Regardless of the time
spent hardening applications, a vulnerability exploited in one application will often lead
to a full system compromise. As the dependency upon network connectivity increases,
the need to look at lower level methods for preventing successful attacks becomes
apparent.
The Linux Kernel
The lowest software level components of “[e]ach computer system includes a basic set
of programs called the operating system. The most important program in the set is
called the kernel. It is loaded into RAM when the system boots and contains many
critical procedures that are needed for the system to operate.”(4) While the system is
running, the kernel acts as a mediator between the hardware components and the
processes running on the system – none of the processes directly access any hardware
components on their own. At an even lower level, features built into hardware
components help to enforce the separation between those that can (“kernel mode”) and
cannot (“user mode”) directly interact with the hardware components.
The Linux kernel provides for a multiuser operating system. This means that any user
can run any program at any time without worrying about the other users. Due to the
multiuser nature of the system, the kernel is also responsible for providing mechanisms
for user authentication and access control to prevent users or applications from
interfering with the activity of other users or programs. The access control system built
into the standard Linux kernel is based on the traditional Discretionary Access Control
(DAC) model. DAC is discussed in further detail later in this document.
Linux Kernel Modules
At a time when memory (RAM) was an expensive commodity, the idea of a modular
kernel was introduced in a few commercial UNIX distributions which allowed the loading
and unloading of pieces of kernel code to free up memory without having to rebuild the
entire kernel. Although memory is much less expensive today, the flexibility that
loadable kernel modules offer is one of the main reasons that they are still used heavily
today. The Linux kernel is one of the few modern monolithic kernels with the ability to
load and unload modules on the fly. This can prove to be a big time-saver as it prevents
an administrator from having to recompile the whole kernel and then reboot the system
for every minor change.
“Linux was first developed for 32-bit i386-based PCs. These days it also runs on (at
least) the Compaq Alpha AXP, Sun SPARC and UltraSPARC, Motorola 68000,
PowerPC, PowerPC64, ARM, Hitachi SuperH, IBM S/390, MIPS, HP PA-RISC, Intel IA-
64, DEC VAX, AMD x86-64 and CRIS architectures.”(5) Due to the variance in
hardware components between the platforms, many Linux distributions provide stock
kernels that rely heavily on the use of kernel modules. Not only does this approach
greatly assist in the initial setup of a Linux system, but it also allows Linux distributions
to maintain a small number of pre-built kernel images optimized for the various CPU
configurations. While this approach eliminates the need for a custom built kernel on
@ 2021 SANS Institute Author Retains Full Rights
剩余24页未读,继续阅读
芯光未来
- 粉丝: 2117
- 资源: 19
我的内容管理
展开
最新资源
- zlib-1.2.12压缩包解析与技术要点
- 微信小程序滑动选项卡源码模版发布
- Unity虚拟人物唇同步插件Oculus Lipsync介绍
- Nginx 1.18.0版本WinSW自动安装与管理指南
- Java Swing和JDBC实现的ATM系统源码解析
- 掌握Spark Streaming与Maven集成的分布式大数据处理
- 深入学习推荐系统:教程、案例与项目实践
- Web开发者必备的取色工具软件介绍
- C语言实现李春葆数据结构实验程序
- 超市管理系统开发:asp+SQL Server 2005实战
- Redis伪集群搭建教程与实践
- 掌握网络活动细节:Wireshark v3.6.3网络嗅探工具详解
- 全面掌握美赛:建模、分析与编程实现教程
- Java图书馆系统完整项目源码及SQL文件解析
- PCtoLCD2002软件:高效图片和字符取模转换
- Java开发的体育赛事在线购票系统源码分析
资源上传下载、课程学习等过程中有任何疑问或建议,欢迎提出宝贵意见哦~我们会及时处理!
点击此处反馈
