After years of discussion and code re-writing, Linus Torvalds approved on Saturday a new one feature security for the Linux kernel, which is called “lockdown”.
The new feature will come as an LSM (Linux Security Module) to the Kernel that will be released soon and will be disabled by default. Its use will be optional due to the risk of knocking down existing systems.
The main function of the new feature will be to bridge the gap between the user processes and the core code, even preventing the root account from interact with the Kernel code, something that could have happened to date.
When the "lock" function is activated it will limit some functionalkernel, even for the root user, making it more difficult for rooted attackers to compromise the rest of the operating system.
"The lockdown is intended to allow cores to be locked early in the boot process," said Matthew Garrett, a Google engineer who proposed the feature years ago.
"Once enabled, various kernel functions will be limited," said Linus Torvalds.
This includes restricting access to kernel functions that can allow the execution of arbitrary code provided by user processes:
Capture processes from writing or reading / dev / mem and / dev / kmem memory.
Block access to / dev / port.
Implement kernel module signatures and much more listed here.
The new module will support two ways of locking, which in the description are referred to as "integrity" and "confidentiality" (integrity and confidentiality).
Each mode is unique and will limit access to different kernel functions.
"If it is set to integrity, the kernel capabilities that allow the user to modify the current kernel will be disabled," Torvalds said.
"If set to privacy, the kernel capabilities that allow the user to extract confidential information from the kernel will also be disabled."
Discussions about kernel lockdown started at the beginning of the 2010 by Google engineer Matthew Garrett.
The idea behind this feature was to create a mechanism security which would prevent users from having elevated privileges (even the “root” account) so that they cannot break the kernel code.
Back then, although Linux systems used secure boot mechanisms, there were ways in which a malicious software could abuse drivers, root accounts, and specially elevated user accounts to break kernel code.
Many security experts have been calling for the blocking of the kernel in recent years, but Torvalds did not particularly agree in the early days.
As a result, many Linux distributions, such as Red Hat, have developed their own Linux Kernel that contained the lock feature. But this year we will see the new feature in all distributions!
