Sunday, July 12, 03:33

Linus Torvalds lockdown mode on Linux Kernel

After years of discussion and code rewriting, Linus Torvalds on Saturday approved a new security feature for the Linux kernel, called "lockdown".

The feature will ship as an LSM (Linux Security Module) in an upcoming kernel release and will be disabled by default. Enabling it is optional, because it could break existing systems.


The main purpose of the feature is to put a barrier between user processes and the kernel's own code, even preventing the root account from interacting with kernel code, something that has been possible until now.

When enabled, the lockdown feature limits some core functionality even for the root user, making it harder for attackers who have gained root privileges to compromise the rest of the operating system.

"The lockdown is designed to allow kernels to be locked early in the boot process," said Matthew Garrett, a Google engineer who proposed the feature years ago.

"When enabled, various kernel functionalities will be limited," Linus Torvalds said.

This includes restricting access to kernel functions that could allow arbitrary code supplied by user processes to run:

Prevent processes from writing to or reading /dev/mem and /dev/kmem.

Block access to /dev/port.

Enforce kernel module signatures, among other restrictions.

The new module supports two lockdown modes, described as "integrity" and "confidentiality".

Each mode limits access to a different set of kernel functions.

"If set to integrity, the kernel capabilities that allow the user to modify the current kernel will be disabled," Torvalds said.

"If set to confidentiality, the kernel capabilities that allow the user to extract confidential information from the kernel will also be disabled."
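The article does not show how an administrator finds out which of the two modes a running kernel is in, so here is a small added script (not from the article or from the kernel sources). It assumes the interface the merged feature exposes: the securityfs file /sys/kernel/security/lockdown, whose contents list the modes with the active one in brackets (for example "none [integrity] confidentiality"), and the lockdown= kernel command-line parameter that selects a mode at boot. The functions take a file path so they can also be run against constructed sample files.

```shell
#!/bin/sh
# Added example: report the kernel lockdown state and what it means.
# Assumptions (not described in the article): the securityfs file
# /sys/kernel/security/lockdown, with the active mode in brackets, and
# the "lockdown=" kernel command-line parameter.

# lockdown_mode [FILE]: print the bracketed (active) mode from a lockdown
# file, or "unsupported" when the file is missing (kernel without the LSM).
lockdown_mode() {
    file="${1:-/sys/kernel/security/lockdown}"
    [ -r "$file" ] || { echo unsupported; return 0; }
    # Pick the token wrapped in [...] and strip the brackets.
    awk '{ for (i = 1; i <= NF; i++)
               if ($i ~ /^\[.*\]$/) { gsub(/[][]/, "", $i); print $i; exit } }' "$file"
}

# cmdline_lockdown [FILE]: print the value of lockdown= from a kernel command
# line (default /proc/cmdline), or "absent" when the parameter is not set.
cmdline_lockdown() {
    file="${1:-/proc/cmdline}"
    [ -r "$file" ] || { echo absent; return 0; }
    # Split on spaces, keep the last lockdown=VALUE occurrence.
    val=$(tr ' ' '\n' < "$file" | sed -n 's/^lockdown=//p' | tail -n 1)
    echo "${val:-absent}"
}

# describe_mode MODE: what the mode means, as the article describes it.
describe_mode() {
    case "$1" in
        none)            echo "kernel not locked down; root may modify the running kernel" ;;
        integrity)       echo "userspace (root included) cannot modify the running kernel" ;;
        confidentiality) echo "as integrity, plus userspace cannot extract confidential kernel data" ;;
        *)               echo "lockdown LSM not available on this kernel" ;;
    esac
}

# Stand-alone run: report the live system.
mode=$(lockdown_mode)
echo "runtime lockdown mode: $mode ($(describe_mode "$mode"))"
echo "boot parameter lockdown=: $(cmdline_lockdown)"
```

A mismatch between the two outputs is itself worth noticing: a lockdown= value on the command line with a runtime mode of "none" or "unsupported" means the booted kernel was built without the LSM, and the restrictions described above are not in effect.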

Discussion of kernel lockdown was started in the early 2010s by Google engineer Matthew Garrett.

The idea behind the feature was a security mechanism that prevents users with elevated privileges (even the root account) from tampering with the kernel code.

Back then, even though Linux systems used secure boot mechanisms, malware could still abuse drivers, root accounts, and other highly privileged user accounts to tamper with kernel code.

Many security experts have called for kernel lockdown in recent years, but Torvalds did not initially agree.

As a result, many Linux distributions, such as Red Hat, shipped their own kernels that carried the lockdown feature. But this year the feature will reach all distributions!

SecNews (https://www.secnews.gr)