Linus Torvalds Agrees to Kernel Lockdown » Linux Magazine
Linus Torvalds has finally agreed to add a lockdown feature to the Linux kernel. The feature was proposed several years ago but was rejected by Torvalds.
The upcoming release of Linux, version 5.4, will include this feature as a Linux Security Module (LSM). It will have two lockdown modes: “integrity” and “confidentiality.”
Torvalds explained that, “If set to integrity, kernel features that allow userland to modify the running kernel are disabled. If set to confidentiality, kernel features that allow userland to extract confidential information from the kernel are also disabled.”
According to ZDNet, the new feature’s main function will be to strengthen the divide between userland processes and kernel code; even the root user will have restricted access.
The feature will be disabled by default because it may lead to unexpected behavior. Many Linux distributions, including Ubuntu and Red Hat, have already implemented their own lockdown features using additional modules.
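Because the feature is off by default, it is worth checking which mode a host is actually running. The following is an added example, not code from the article or the kernel project: it parses the state line the lockdown LSM exposes at /sys/kernel/security/lockdown, where the active mode is shown in brackets, and compares it with a required minimum. The function names and the sample lines in the comments are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the kernel lockdown mode against a required minimum.
# The securityfs file lists every mode and brackets the active one, e.g.
#   [none] integrity confidentiality     (constructed sample: lockdown off)
#   none [integrity] confidentiality     (constructed sample: integrity mode)
LOCKDOWN_FILE="${LOCKDOWN_FILE:-/sys/kernel/security/lockdown}"

# Print the bracketed (active) mode from a state line; prints nothing if absent.
lockdown_active_mode() {
    printf '%s\n' "$1" | sed -n 's/.*\[\([a-z]*\)\].*/\1/p'
}

# Map a mode to its strictness: confidentiality includes integrity's limits.
lockdown_rank() {
    case "$1" in
        none)            echo 0 ;;
        integrity)       echo 1 ;;
        confidentiality) echo 2 ;;
        *)               return 1 ;;
    esac
}

# lockdown_meets <state-line> <required-mode>
# Returns 0 if active >= required, 1 if weaker, 2 if the input is unparsable.
lockdown_meets() {
    active=$(lockdown_active_mode "$1")
    [ -n "$active" ] || return 2
    a=$(lockdown_rank "$active") || return 2
    r=$(lockdown_rank "$2") || return 2
    [ "$a" -ge "$r" ]
}

# check_host [required-mode]: audit the running kernel (default: integrity).
check_host() {
    required="${1:-integrity}"
    if [ ! -r "$LOCKDOWN_FILE" ]; then
        # LSM not built into this kernel, or securityfs is not mounted.
        echo "lockdown: $LOCKDOWN_FILE not readable"
        return 2
    fi
    state=$(cat "$LOCKDOWN_FILE")
    if lockdown_meets "$state" "$required"; then
        echo "lockdown: OK (active=$(lockdown_active_mode "$state"))"
    else
        echo "lockdown: FAIL (active=$(lockdown_active_mode "$state"), required=$required)"
        return 1
    fi
}
```

Source the file and run `check_host confidentiality` (or `check_host` for the integrity default); a return code of 2 means the state could not be read, which should be treated as a failed check rather than a pass.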