Commit 2249cde5 authored by intrigeri's avatar intrigeri

Design doc: move content to a more adequate place and drop incorrect statement

As our kernel hardening page demonstrates, "the Tails kernel has no more special
kernel security feature than the stock Debian kernel" is incorrect
once one takes runtime configuration into account.
parent fb974f82
......@@ -726,13 +726,6 @@ release Tails. As an alternative, efforts [have been
started](https://bugs.debian.org/cgi-bin/pkgreport.cgi?tag=hardening;users=debian-security@lists.debian.org)
to push usage of such hardening features in Debian.
A lot of security features have been implemented upstream at the
kernel level (ASLR, removal of `/dev/kmem`, `/dev/mem` protections,
various stack and heap hardening features, `/proc` or `/sys` not leaking
sensitive information, etc.), most of them being slowly integrated
into Debian. This is the reason why the Tails kernel has no more special
kernel security feature than the stock Debian kernel.
### 3.2.2 Other applications
See [[doc/about/features]].
......
A lot of security features have been implemented upstream at the
kernel level (ASLR, removal of `/dev/kmem`, `/dev/mem` protections,
various stack and heap hardening features, `/proc` or `/sys` not leaking
sensitive information, etc.), most of them being slowly integrated
into Debian. This is the reason why the Tails kernel has only a few
more security features enabled than the stock Debian kernel.
We pass a few kernel parameters on the boot command line and /proc/sys
to increase security at little to no cost.
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment