On Mon, 2007-07-30 at 17:29 -0700, Kees Cook wrote:
> I am currently unaware of any in-kernel memory segmentation plans.
> There are upstream plans to implement a form of stack-protection for
> kernel functions, which should help minimize some attack vectors in
> buggy drivers.

Remember you can use capabilities to prevent loading of modules, so you
can prevent those buggy drivers from loading at all. See:

man capabilities
man lcap (lcap is in universe)
http://www.debian.org/doc/manuals/securing-debian-howto/securing-debian-howto.en.txt
(section 10.4.2.1)

Jamie Strandboge
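
One way to confirm that the module-loading capability has actually been removed, added here as an example and not part of the original message: it decodes the capability bounding set and tests the CAP_SYS_MODULE bit. It assumes a kernel that exposes a `CapBnd:` line in `/proc/<pid>/status` and that CAP_SYS_MODULE is bit 16 (as in `<linux/capability.h>`); the function names and the sample status text are constructed for illustration.

```shell
#!/bin/sh
# Added example: is CAP_SYS_MODULE still in a capability bounding set?
CAP_SYS_MODULE_BIT=16   # value of CAP_SYS_MODULE in <linux/capability.h>

# cap_sys_module_in_mask HEXMASK
# Returns 0 if the bit is set, 1 if it is cleared, 2 if HEXMASK is not hex.
cap_sys_module_in_mask() {
    mask=$1
    case $mask in
        ''|*[!0-9a-fA-F]*) return 2 ;;
    esac
    [ $(( (0x$mask >> CAP_SYS_MODULE_BIT) & 1 )) -eq 1 ]
}

# capbnd_from_status: read /proc/<pid>/status text on stdin, print CapBnd mask.
capbnd_from_status() {
    awk '$1 == "CapBnd:" { print $2; exit }'
}

# module_loading_state: status text on stdin -> allowed | blocked | unknown
module_loading_state() {
    mask=$(capbnd_from_status)
    rc=0
    cap_sys_module_in_mask "$mask" || rc=$?   # safe under `set -e`
    case $rc in
        0) echo "allowed" ;;
        1) echo "blocked" ;;
        *) echo "unknown" ;;
    esac
}

# Constructed samples (not captured from a real host).
SAMPLE_FULL='Name:	init
CapBnd:	000001ffffffffff'
SAMPLE_DROPPED='Name:	init
CapBnd:	000001fffffeffff'

printf 'sample (full set):    %s\n' "$(printf '%s\n' "$SAMPLE_FULL" | module_loading_state)"
printf 'sample (bit dropped): %s\n' "$(printf '%s\n' "$SAMPLE_DROPPED" | module_loading_state)"

# Live check of the current process, when the file is available.
if [ -r /proc/self/status ]; then
    printf 'this process:         %s\n' "$(module_loading_state < /proc/self/status)"
fi
```

A result of "blocked" means a process with that bounding set cannot regain CAP_SYS_MODULE; it says nothing about modules that were already loaded.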