Language Selection

English French German Italian Portuguese Spanish

Security in Linux 5.4

Filed under
Linux
Security

Linux 5.4 Security 'Lockdown' and More

  • Linus Torvalds To Add “Lockdown” Security Feature In Linux 5.4

    The feature was proposed by Google engineer Matthew Garrett in 2010. He said, “The lockdown module is intended to allow for kernels to be locked down early in [the] boot [process].”

    The Lockdown feature in Linux is mainly intended to prevent root account from tampering with kernel code, thus drawing a line between userland processes and the code.

    The security feature will be disabled by default when it will be shipped. Upon enabling it, even root accounts won’t be able to access certain kernel functionalities, thus protecting the operating system from being affected from a compromised root account.

  • Linus Torvalds Kicks Off Development of Linux Kernel 5.4, First RC Is Out Now

    It's been two weeks since the release of the Linux 5.3 kernel series, and the merge window for Linux kernel 5.4 is now officially closed, which means that the development cycle can start and weekly RC (Release Candidate) builds will be released to allow the community to test it and send feedback.

    The first Linux kernel 5.4 Release Candidate build is now available to download from kernel.org or through our free Linux software portal if you want to take it for test drive, but please be aware that this is an early development release that should not be installed on production machines.

Linux kernel 5.4 to get lockdown functionality

  • Linux kernel 5.4 to get lockdown functionality

    fter years of review and deliberation, Linux creator and principal developer Linus Torvalds approved a new security feature for the Linux kernel, referred to as ‘lockdown.’This functionality should be included in the soon-to-be-released Linux kernel 5.4 branches and should ship as an LSM (Linux Security Module). Usage is optional as their exists risks that the new feature could break existing systems.

California Times USA

Linux Kernel 5.4 to Have Kernel Lockdown and ExFAT Support

  • Linux Kernel 5.4 to Have Kernel Lockdown and ExFAT Support

    Linux Kernel 5.4 will be the last major stable kernel release of the year 2019. The upcoming release has some big changes that will (positively) impact both manufacturers and end users.

    The lockdown feature aims to further strengthen Linux security by “restricting access to kernel features that may allow arbitrary code execution via code supplied by userland processes”.

    In simple words, even the root account cannot modify the kernel code. This will hep in cases where a root account is compromised, the rest of system won’t be easy to compromise specially on kernel level. In even simpler words, it enhances the Linux security.

Linux Security Module officially adds a lockdown to Linux

  • Linux Security Module officially adds a lockdown to Linux

    A new feature is being added to the kernel. Details are sketchy, but all soldiers are reminded to be vigilant. Here is the information received from Commander Torvalds who has personally overseen this change.

    Civilians will see the lockdown (WE ARE IN LOCKDOWN) as a new module called Linux Security Module or LSM.

    Although the LSM only serves to formalise a process that has been naturally built into most Linux distros all along. Documents from the kernel dossier explain: "The majority of mainstream distributions have been carrying variants of this patchset for many years now, so there's value in providing a doesn't meet every distribution requirement, but gets us much closer to not requiring external patches."

    As your puny cannon-foddered brains will not be able to understand the words of our Commander, I shall explain. The LSM means that, when activated, user code cannot interact to make changes to the kernel.

Added line

  • Linux Security Module officially adds a lockdown to Linux

    A new feature is being added to the kernel. Details are sketchy, but all soldiers are reminded to be vigilant. Here is the information received from Commander Torvalds who has personally overseen this change.

    Civilians will see the lockdown (WE ARE IN LOCKDOWN) as a new module called Linux Security Module or LSM.

    WE WILL PROTECT THE LSM!

    Although the LSM only serves to formalise a process that has been naturally built into most Linux distros all along. Documents from the kernel dossier explain: "The majority of mainstream distributions have been carrying variants of this patchset for many years now, so there's value in providing a doesn't meet every distribution requirement, but gets us much closer to not requiring external patches."

Linus Torvalds Agrees To Kernel Lockdown

  • Linus Torvalds Agrees To Kernel Lockdown

    The feature will restrict users with root access to interact with the kernel and make changes to it.

    Linus Torvalds has finally agreed to implement lockdown feature to the Linux kernel. The features was proposed several years ago but was rejected by Torvalds.

    The upcoming release of Linux, version 5.4, will include this feature as a Linux Security Module (LSM). It will have two lockdown modes: “integrity” and “confidentiality.”

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

Today in Techrights

Deepin 20 Review: The Gorgeous Linux Distro Becomes Even More Beautiful (and Featureful)

Deepin is already a beautiful Linux distribution. Deepin version 20 puts in a different league altogether with all those visual and feature improvements. Read more

PinePhone Manjaro Edition Pre-Orders Go Live

The moment you’ve all been waiting for is here, you can now pre-order the PinePhone Manjaro Edition Linux phone from PINE64’s online store for as low as $149 USD for the 2GB RAM model or $199 USD for the so-called Convergence Package variant, which comes with 3GB RAM and a USB-C dock to turn the phone into a PC when connected to a monitor, keyboard and mouse. The PinePhone Manjaro Community Edition was announced last month. It comes pre-installed with Manjaro Linux ARM, which is based on the Arch Linux ARM operating system. Three variants of Manjaro Linux ARM for PinePhone are available for you to try with UBports’ Lomiri, Purism’s Phosh or KDE’s Plasma Mobile. Read more

today's howtos