Linux developers have added a kernel isolation module to the operating system that eliminates user-level access to key parts of the code. Linux experts want to protect the kernel from user processes. Discussions about the need for such a feature went on for several years, and in the meantime the makers of the main OS distributions independently implemented similar subsystems in their own products.
“After years of countless reviews, discussions, and code rewrites, Linus Torvalds approved on Saturday a new security feature for the Linux kernel, named ‘lockdown.’ The new feature will ship as a LSM (Linux Security Module) in the soon-to-be-released Linux kernel 5.4 branch, where it will be turned off by default,” reported ZDNet journalists.
The isolation is meant to prevent a user process from executing third-party code in the kernel environment, even if that process has root privileges.
The new component, among other things, prohibits:
- Direct access to device ports;
- Changing the signatures of kernel modules;
- Access to memory read and write operations;
- Loading kernel images through kexec_file requests.
The developers have provided two operating modes for the isolation module. Integrity mode prevents any user, whatever their privileges, from making changes to the running kernel. Confidentiality mode is enabled on top of that and also prohibits the extraction of any confidential information from the kernel. According to the authors of Linux, third-party developers will be able to implement additional isolation settings for their builds of the operating system.
“If set to integrity, kernel features that allow userland to modify the running kernel are disabled. If set to confidentiality, kernel features that allow userland to extract confidential information from the kernel are also disabled,” reported Linus Torvalds, creator of the Linux OS.
The developers intend to ship the module as an LSM (Linux Security Module) in the upcoming Linux 5.4 kernel release. It will be disabled by default so as not to affect system programs that have low-level kernel access. The developers recommend that system owners audit the processes that may be affected when the new component is activated.
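As a starting point for that audit, the following added example (not code from the article or from the kernel project) reports which of the two modes is active and which class of feature it disables. It assumes the lockdown LSM's securityfs file at /sys/kernel/security/lockdown, which the article does not mention; the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Assumed interface: securityfs mounted at /sys/kernel/security.
# The lockdown file lists every mode and brackets the active one,
# e.g. "none [integrity] confidentiality".
LOCKDOWN_FILE="${LOCKDOWN_FILE:-/sys/kernel/security/lockdown}"

# lockdown_mode FILE: print the active mode.
# Returns 2 if the file is missing (older kernel, LSM not built, securityfs
# not mounted) and 3 if the content is not in the expected form.
lockdown_mode() {
    [ -r "$1" ] || { echo "unavailable"; return 2; }
    active=$(sed -n 's/.*\[\([a-z]*\)].*/\1/p' "$1" | head -n 1)
    case "$active" in
        none|integrity|confidentiality) echo "$active" ;;
        *) echo "unknown"; return 3 ;;
    esac
}

# lockdown_blocks MODE CLASS: succeed if MODE disables that class of feature.
#   modify  = userland modifying the running kernel
#   extract = userland extracting confidential information from the kernel
# Confidentiality includes everything integrity blocks.
lockdown_blocks() {
    case "$1:$2" in
        integrity:modify|confidentiality:modify|confidentiality:extract) return 0 ;;
        *) return 1 ;;
    esac
}

# lockdown_report FILE: one-line summary for an audit script.
lockdown_report() {
    m=$(lockdown_mode "$1") || true
    for class in modify extract; do
        if lockdown_blocks "$m" "$class"; then s=blocked; else s=allowed; fi
        printf '%s=%s ' "$class" "$s"
    done
    printf 'mode=%s\n' "$m"
}

lockdown_report "$LOCKDOWN_FILE"
```

A result of `mode=unavailable` means the file could not be read, which is expected on kernels older than 5.4 or built without the module.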
The proposal to add a kernel isolation feature was made at the beginning of the current decade by Matthew Garrett, who now works at Google. Linux creator Linus Torvalds opposed such a change for a long time, but last year the parties reached a mutual understanding and development began.