If you think about it, an operating system kernel is really just a very powerful shared library that offers services to many programs. Of course, it is a very powerful library, but still — its main purpose is to provide services to programs. Your program probably doesn’t use all of the myriad services the kernel provides. Even a typical system might not fully use all the things that are in a typical kernel. Red Hat has a new initiative to bring a technology called unikernels to the forefront. A unikernel is a single application linked with just enough of the kernel for it to execute. As you might expect, this can result in a smaller system and better security.
It can also lead to better performance. The unikernel doesn’t have to maintain devices and services that are not used. Also, the kernel and the application can run in the same privilege ring. That may seem like a security hole, but if you think about it, the only reason a regular kernel runs at a higher privilege is to protect itself from a malicious application modifying the kernel to do something bad to another application. In this case, there is no other application.
Continue reading “Linux As A Library: Unikernels Are Coming”
We’ve been watching the progress of the Space Cube since 2004, but PC Pro managed to get their hands on it first. Developed by the Shimafuji Corporation, it comes with 16 megabytes of flash memory and a version of Red Hat is run off a 1 gigabyte CompactFlash card. The design of the Space Cube is pretty minimal, but it’s got the basics down, from a USB port to a VGA output and a D-SUB RS232 input, and even an Ethernet port. The most interesting thing about it is the Space Wire port, which is a proprietary interface use by NASA, the ESA, and JAXA for outer space. Unfortunately for working hackers, this ingenious micro-computer will set you back about £1,500.
After a week of wondering, Red Hat has confirmed that someone broke in and compromised their security. Although It doesn’t appear the attacker was able to retrieve the passphrase used to sign Fedora packages, the team is switching to new keys. In a separate intrusion the attacker tampered with and signed OpenSSH packages for RHEL. While it’s good to get the full story, no one is happy how long it took Red Hat to release these details.
[via Zero Day]