6.5 C
New York
Thursday, June 24, 2021

LINUX: Kernel lockdown proposed for inclusion in the main branch

After years of work, the patches for the so-called kernel lockdown have been proposed for inclusion in the main branch of Linux. Now it is up to chief developer Torvalds to implement this for the upcoming version.

Must Read

Aakash Molpariya
Aakash started in Nov 2018 as a writer at Revyuh.com. Since joining, as writer, he is mainly responsible for Software, Science, programming, system administration and the Technology ecosystem, but due to his versatility he is used for everything possible. He writes about topics ranging from AI to hardware to games, stands in front of and behind the camera, creates creative product images and much more. He is a trained IT systems engineer and has studied computer science. By the way, he is enthusiastic about his own small projects in game development, hardware-handicraft, digital art, gaming and music. Email: aakash (at) revyuh (dot) com

Maintainer James Morris, who is responsible for the security kernel of the Linux kernel, has proposed the kernel lockdown code for inclusion in the main branch. The feature could thus be part of the upcoming Linux version 5.4, which should appear in mid-November. Previously, the patches had already been entered into a testing branch.

Whether the code is actually recorded, depends only on chief developer Linus Torvalds, who is responsible for the main branch. This may well be a matter of form, since the Linux developer community has been discussing about such a technique for about seven years, according to the developer Matthew Garrett points, who was last responsible for the patches.

The goal of the patches is that the current kernel can not be permanently changed by an attacker by simply preventing access to certain kernel interfaces. This even goes so far as to partially separate the root user (UID-0) from the running kernel with its system privileges (Ring-0). Such a separation does not exist so far. Many distributors already rely on similar, own implementations. But with the lockdown patches in the main branch, the technique can be unified.

About a year and a half ago, a revision of the patches caused even clear criticism from some developers. Main point of criticism at that time was the linking of the function with UEFI Secure Boot. Garrett had taken over the work on the patches, among other things, to respond to the then expressed criticism. In the meantime, kernel lockdown has been reworked independently of UEFI Secure Boot and, moreover, as a so-called Linux Security Module (LSM).

- Advertisement -


Please enter your comment!
Please enter your name here

- Advertisement -

Latest News

How effective is the cocktail of two different Covid vaccines?

What happens in the body of people vaccinated against coronavirus with different vaccines, is such vaccination effective? German Chancellor Angela...
- Advertisement -

More Articles Like This

- Advertisement -