-
TL;DR: The Linux kernel procfs suffers from a historical design that prevents having multiple separate procfs instances inside the same PID namespace. All the mounts are a mirror of the internal one. This blocks developement of Linux containers, sandboxes, and other security related features. Patch solution: PATCH RFC …
Read More -
Sandboxing IoT Apps using lightweight containers is an important step for Linux-IoT based devices, it allows to reduce the exposure from mis-configuration, bugs, or vulnerability exploitation. As a simple example the BrickerBot and similar worms did not use complex 0day exploits. They used simple attack vectors like …
Read More