Loading…
28 - 29 August | Amsterdam, Netherlands
View More Details & Registration
Note: The schedule is subject to change.

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for Linux Security Summit Europe 2025 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

This schedule is automatically displayed in Central European Summer Time (CEST | UTC+2). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date."
Friday August 29, 2025 09:55 - 10:25 CEST
Starting with Linux 6.14, we will be able to securely control script execution using new execveat(2) and prctl(2) flags, successors to O_MAYEXEC. This marks a crucial step toward fully supporting code integrity on Linux.

The next steps involve enlighting script interpreters and providing users with straightforward ways to incrementally enforce such restrictions. Options include leveraging existing LSM policies and configuring user-space process management services (e.g., systemd).

In this talk, we will explore the kernel changes that were required (e.g., uAPI, IMA, IPE) and the ongoing complementary user-space updates, including script enlightenment. We will also explain the rationale behind the new securebits and how they facilitate a smooth migration, especially for generic Linux distributions.
Speakers
avatar for Mickaël Salaün

Mickaël Salaün

Senior Software Engineer, Microsoft
Mickaël Salaün is a kernel developer and open source enthusiast. He is mainly interested in Linux-based operating systems, especially from a security point of view. He has built security sandboxes before hacking into the kernel on a new LSM called Landlock, of which he is now the... Read More →
Friday August 29, 2025 09:55 - 10:25 CEST
G102-103

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Share Modal

Share this link via

Or copy link