Uli Drepper part 5: Preventing exploits
by Colby Hoke
Uli Drepper is a Red Hat developer and the lead contributor and maintainer of the GNU C Library (glibc). Watch the first, second, third, and fourth videos in this series.
This is the fifth and final installment in our series of talks with Uli. In this episode, Uli takes on the task of explaining what system administrators can do to help prevent exploits much like the ones mentioned in previous episodes.
More specifically, Uli brings up what admins aren’t doing and goes into some depth about ASLR, security policies, and the importance of enabling SELinux.
We hope you’ve enjoyed this five-part series with Ulrich Drepper, and as always, we’ve included an unedited version of the interview as a podcast.
In the comments, we’d love to hear what you’ve thought of the series and if you’d like to see more similar content in the future.







October 20th, 2007 at 10:36 am
Uli: “prelinking should not ever be used for frontline machines” since it in effect disables ASLR... and still prelink is on by default in RHEL5?
November 23rd, 2007 at 2:46 pm
Excellent series, I’d love to see more of this sort of content in the future. Maybe something to show the real world effect of the security we have in Fedora, how many issued security alerts actually apply. I often find when presenting that Fedora has good security that doesn’t get in your way, that people respond rather negatively since they think it doesn’t actually help them and I lack good hard data to refer them to as a means of showing how much it improves the situation even for regular users. Additionally it would be nice to see this type of data over time, we improve security with each Fedora release so one would expect the percentage of problems we catch without needing an urgent patch would grow as new releases come out.
That kind of data presented in the same clear manner as these videos presented the theory would be most helpful to the ambassadors and other advocates in making the case for security by default. E.g. it would be very helpful for me to be able to tell users, we know that the web browser is a core component of the desktop, we have data to show that it’s historically a major target of security problems however xx% of the critically marked bugs did not affect you in our default install... that would make selling security to users much easier, it would also make it more clear why it’s so important to us to invest in making it better, whereas right now many people consider it a pretty wanky sys admin feature (akin to the fallacy that security is for servers only).