
LINUX: Kernel lockdown proposed for inclusion in the main branch

After years of work, the patches for the so-called kernel lockdown have been proposed for inclusion in the main branch of Linux. Now it is up to chief developer Torvalds to merge them for the upcoming version.

Aakash Molpariya

Maintainer James Morris, who is responsible for the security subsystem of the Linux kernel, has proposed the kernel lockdown code for inclusion in the main branch. The feature could thus be part of the upcoming Linux version 5.4, which should appear in mid-November. Previously, the patches had already been merged into a testing branch.

Whether the code is actually merged depends only on chief developer Linus Torvalds, who is responsible for the main branch. This may well be a formality, since the Linux developer community has been discussing such a technique for about seven years, as developer Matthew Garrett, who was most recently responsible for the patches, points out.

The goal of the patches is to keep an attacker from permanently modifying the running kernel, simply by preventing access to certain kernel interfaces. This even goes so far as to partially separate the root user (UID 0) from the running kernel with its system privileges (ring 0). Such a separation has not existed so far. Many distributors already rely on similar implementations of their own, but with the lockdown patches in the main branch, the technique can be unified.

About a year and a half ago, a revision of the patches drew clear criticism from some developers. The main point of criticism at the time was the coupling of the feature to UEFI Secure Boot. Garrett had taken over the work on the patches, among other things, to respond to that criticism. In the meantime, kernel lockdown has been reworked to be independent of UEFI Secure Boot and, moreover, implemented as a so-called Linux Security Module (LSM).
