6.5 C
New York
Monday, January 24, 2022

LINUX: Kernel lockdown proposed for inclusion in the main branch

After years of work, the patches for the so-called kernel lockdown have been proposed for inclusion in the main branch of Linux. Now it is up to chief developer Torvalds to implement this for the upcoming version.

Must Read

This simple habit boosts immune system and lowers risk of flu, infections

This winter hasn't been easy, and there's a nasty flu outbreak due to coronavirus. Aside from masks...

An unusual Omircon Symptom may signal you’re infected, although rapid flow tests may miss it

There is currently no definitive list of coronavirus symptoms that takes into account the virus's changing symptoms...

Foods that can help reduce the risk of hip fracture by 8%

Several dietary habits, according to Leeds University researchers, have the ability to either reduce or increase the...
Aakash Molpariya
Aakash started in Nov 2018 as a writer at Revyuh.com. Since joining, as writer, he is mainly responsible for Software, Science, programming, system administration and the Technology ecosystem, but due to his versatility he is used for everything possible. He writes about topics ranging from AI to hardware to games, stands in front of and behind the camera, creates creative product images and much more. He is a trained IT systems engineer and has studied computer science. By the way, he is enthusiastic about his own small projects in game development, hardware-handicraft, digital art, gaming and music. Email: aakash (at) revyuh (dot) com

Maintainer James Morris, who is responsible for the security kernel of the Linux kernel, has proposed the kernel lockdown code for inclusion in the main branch. The feature could thus be part of the upcoming Linux version 5.4, which should appear in mid-November. Previously, the patches had already been entered into a testing branch.

Whether the code is actually recorded, depends only on chief developer Linus Torvalds, who is responsible for the main branch. This may well be a matter of form, since the Linux developer community has been discussing about such a technique for about seven years, according to the developer Matthew Garrett points, who was last responsible for the patches.

The goal of the patches is that the current kernel can not be permanently changed by an attacker by simply preventing access to certain kernel interfaces. This even goes so far as to partially separate the root user (UID-0) from the running kernel with its system privileges (Ring-0). Such a separation does not exist so far. Many distributors already rely on similar, own implementations. But with the lockdown patches in the main branch, the technique can be unified.

About a year and a half ago, a revision of the patches caused even clear criticism from some developers. Main point of criticism at that time was the linking of the function with UEFI Secure Boot. Garrett had taken over the work on the patches, among other things, to respond to the then expressed criticism. In the meantime, kernel lockdown has been reworked independently of UEFI Secure Boot and, moreover, as a so-called Linux Security Module (LSM).

- Advertisement -


Please enter your comment!
Please enter your name here

- Advertisement -

Latest News

- Advertisement -

More Articles Like This

- Advertisement -