Just to share that Linux /proc/pid/environ suffers from bugs referenced and fixed here: proc: /proc//environ offset fixes, which can be considered …| djalal.opendz.org
Patch your Ubuntu kernels with Tetragon YAML and BPF to prevent the OverlayFS CVE-2023-2640 privilege escalation
Take advantage of Kernel Image Lockdown with eBPF
Due to the security features that Linux offers, like booting directly into a read-only filesystem, making filesystems read-only at runtime for apps and …
At the eBPF Summit 2021, I gave a talk about how to take advantage of eBPF to try to bridge some cloud and IoT security features. My talk can be found here: …
Some friends pinged me about a GitHub post that lists Open Source projects used in space, more precisely within the Mars Ingenuity mission. The GitHub post is …
The Userspace Linux Conference All Systems Go! 2017 videos and talks are now available online. My talk "Modern Deployment for Embedded Linux and IoT" …
TL;DR: The Linux kernel procfs suffers from a historical design that prevents having multiple separate procfs instances inside the same PID namespace. All the …
TL;DR: Currently, an explicit call to load or unload kernel modules requires the CAP_SYS_MODULE capability. However, unprivileged users have always been able to load …
TL;DR: In the Linux kernel, as part of the Kernel Self Protection Project, we are pushing for new lightweight security mechanisms. On top of that, in systemd we …
Sandboxing IoT apps using lightweight containers is an important step for Linux-based IoT devices: it reduces the exposure from misconfiguration, …