Enforcing the use of OS Login for accessing Linux VMs on Google CloudGoogle Cloud lets us enable OS Login for a project by adding an entry to the project’s metadata. But is this approach sufficient to enforce OS Login for all VMs and users? Not really. Continue »
Hijacking other user’s TCP tunnelsIf you are a frequent SSH user, then you’ll be familiar with local port forwarding. Creating tunnels by using local port forwarding is useful, easy, but also not without risks. Continue »
Ksplice -- safe enough?Last week, Ksplice, an automatic system for rebootless Linux kernel security updates gained some attention. The idea of using hotpatching techniques for applying sucurity fixes to the kernel in order to save reboots is not quite new. Not only does Windows support hotpatching as of Windows Server 2003 SP1, there also have have been attempts to introduce a hot updating infrastructure to the Linux kernel before. Anyway, the paper is an instresting read. Continue »