“ZDNet Announces Major Security Upgrade in Upcoming Ubuntu Linux 23.10 Release”


Introducing Ubuntu 23.10: The Ultimate in Secure Linux Experience

Canonical, the creator of Ubuntu Linux, is set to release the highly anticipated Ubuntu 23.10 on October 12, 2023. While this new version of the operating system has already generated buzz for its impressive features, one important security enhancement has flown under the radar: restricted unprivileged user namespaces. But don’t be fooled: this new feature has the potential to revolutionize the security of Linux desktops and containers.

Unfamiliar with “restricted unprivileged user namespaces”? Let’s start with the basics. Introduced in the Linux 3.8 kernel in 2019, unprivileged user namespaces are a kernel feature designed to address the security weaknesses of the traditional Linux privilege model, which recognizes only two kinds of user: normal users and superusers (aka root users). The issue is that superusers can do anything, including causing major harm to the system. This is where unprivileged user namespaces come in.

But while unprivileged user namespaces provide a crucial security measure by allowing administrators to set up isolated containers where normal users can perform administrative tasks without having root access, they also expose kernel interfaces to unprivileged users, potentially creating security loopholes. In fact, these namespaces have been linked to various privilege escalation exploits.

To combat these risks, Canonical is taking a proactive stance in Ubuntu 23.10. The new release will feature restricted unprivileged user namespaces that are controlled and regulated by AppArmor policies. With this selective approach, only authorized applications can access and utilize these namespaces, significantly reducing the associated security risks.

For those unfamiliar, AppArmor is a Linux kernel security module that gives system administrators the ability to restrict what programs can do by enforcing Mandatory Access Control (MAC) policies on top of the standard UNIX/Linux permissions. This feature has been integrated into Ubuntu since 2007 and is also used in the SUSE Linux family. With AppArmor, users can selectively allow or disallow unprivileged user namespaces on a per-application basis, giving them more control over their system’s security.

To turn on this feature, simply use the following commands in your shell:

$ sudo sysctl -w kernel.apparmor_restrict_unprivileged_unconfined=1

$ sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=1

And if you want to disable it, run:

$ sudo sysctl -w kernel.apparmor_restrict_unprivileged_unconfined=0

$ sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0
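The following script is an added example, not part of the original article or Canonical's tooling. It reports whether the two sysctls above are currently on, off, mixed or missing from the running kernel, and prints drop-in content that keeps the setting after a reboot. The PROC_SYS override and the drop-in file name are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit the two sysctls from the article and build a
# persistent drop-in. PROC_SYS is a hypothetical override for testing.

# Print one kernel.* sysctl by reading its /proc/sys file, or "absent"
# when the running kernel does not expose it.
read_knob() {
    f="${PROC_SYS:-/proc/sys}/kernel/$1"
    if [ -r "$f" ]; then cat "$f"; else echo absent; fi
}

# Classify the combined state of both knobs.
userns_restriction_state() {
    userns=$(read_knob apparmor_restrict_unprivileged_userns)
    unconf=$(read_knob apparmor_restrict_unprivileged_unconfined)
    case "$userns/$unconf" in
        1/1) echo enforced ;;      # both on, as in the enable commands
        0/0) echo disabled ;;      # both off, as in the disable commands
        absent/*|*/absent) echo unsupported ;;
        *) echo "partial(userns=$userns,unconfined=$unconf)" ;;
    esac
}

# Print sysctl.d content that keeps the chosen setting across reboots
# ("sysctl -w" changes only the running kernel). $1 is 1 or 0.
persist_conf() {
    case "$1" in
        0|1) ;;
        *) echo "usage: persist_conf 0|1" >&2; return 2 ;;
    esac
    printf 'kernel.apparmor_restrict_unprivileged_unconfined = %s\n' "$1"
    printf 'kernel.apparmor_restrict_unprivileged_userns = %s\n' "$1"
}

echo "current state: $(userns_restriction_state)"
# To persist (file name is an assumption), then reload:
#   persist_conf 1 | sudo tee /etc/sysctl.d/99-apparmor-userns.conf
#   sudo sysctl --system
```

A "partial" result means only one of the two settings was changed, which is worth flagging when auditing a fleet against the configuration shown above.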

But Canonical’s commitment to security doesn’t stop there. The development team is actively seeking user feedback to further refine and optimize this feature before making it a default in the operating system. Once perfected, it will be enabled by default in all future Ubuntu versions.

It’s important to note that this feature will only be available in Ubuntu 23.10 and will not affect previous versions. This is a major step towards safeguarding the operating system against evolving cybersecurity threats while ensuring an optimal user experience. With Ubuntu 23.10, Canonical proves its dedication to delivering a truly secure and user-friendly Linux experience.

Source: https://news.google.com/rss/articles/CBMiXWh0dHBzOi8vd3d3LnpkbmV0LmNvbS9hcnRpY2xlL3VidW50dS1saW51eC0yMy0xMC1pcy1hZGRpbmctYW4taW1wb3J0YW50LW5ldy1zZWN1cml0eS1mZWF0dXJlL9IBaGh0dHBzOi8vd3d3LnpkbmV0LmNvbS9nb29nbGUtYW1wL2FydGljbGUvdWJ1bnR1LWxpbnV4LTIzLTEwLWlzLWFkZGluZy1hbi1pbXBvcnRhbnQtbmV3LXNlY3VyaXR5LWZlYXR1cmUv?oc=5
