The glamorous new kids in the Linux security parade are SELinux, AppArmor, and all manner of virtualization technologies. (Though it is being discovered that virtual machines, just like chroot jails, aren't all that difficult to break out of, so don't count on them for strong security.) more..
Traditionally, Unix/Linux/POSIX filenames can be almost any sequence of bytes, and their meaning is unassigned. The only real rules are that "/" is always the directory separator, and that filenames can't contain byte 0 (because this is the terminator). Although this is flexible, this creates many unnecessary problems. In particular, this lack of limitations makes it unnecessarily difficult to write correct programs (enabling many security flaws), makes it impossible to consistently and accurately display filenames, causes portability problems, and confuses users. more ....
Comments