Recent Kernel exploits, attack surface reduction, example IPSEC
Recent kernel exploits have highlighted vulnerabilities in the 'esp' Linux Kernel module, which is part of IPSEC. The author suggests that many Linux distributions install all kernel modules by default, potentially exposing users to security flaws in unused features. A proposal is made to separate less commonly used modules like IPSEC into distinct packages to enhance security through attack surface reduction.
- ▪Multiple recent kernel exploits have affected the 'esp' Linux Kernel module.
- ▪IPSEC is not widely used, raising concerns about the attack surface of unused features.
- ▪The author proposes separating less commonly used kernel modules into distinct packages to improve security.
Opening excerpt (first ~120 words) tap to expand
Products Openwall GNU/*/Linux server OS Linux Kernel Runtime Guard John the Ripper password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists for password cracking passwdqc policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt KDF & password hashing yespower Proof-of-Work (PoW) crypt_blowfish password hashing phpass ditto in PHP tcb better password shadowing Pluggable Authentication Modules scanlogd port scan detector popa3d tiny POP3 daemon blists web interface to mailing lists msulogin single user mode login php_mt_seed mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) File archive & mirrors How to verify digital…
Excerpt limited to ~120 words for fair-use compliance. The full article is at Openwall.