Stefan Mileschin

Thou shalt not change the kernel code

Over the weekend, IT's Mr Sweary Linus Torvalds approved a new security feature for the Linux kernel, named 'lockdown'.

The new feature will ship as a LSM (Linux Security Module) in the soon to be released Linux kernel 5.4 branches, where it will be turned off by default. It has to be optional because it could break existing systems.

The new feature's primary function will be to strengthen the divide between userland processes and kernel code by preventing even the root account from interacting with kernel code -- something that it's been able to do, by design, until now.

When enabled, the new "lockdown" feature will restrict some kernel functionality, even for the root user, making it harder for compromised root accounts to compromise the rest of the OS.

Torvalds said: "When enabled, various pieces of kernel functionality are restricted. This includes restricting access to kernel features that may allow arbitrary code execution via code supplied by userland processes; blocking processes from writing or reading /dev/mem and /dev/kmem memory; block access to opening /dev/port to prevent raw port access; enforcing kernel module signatures; and many more others."

https://fudzilla.com/news/pc-hardwar...rnal-lock-down