New versions of Linux will get the function of blocking the kernel from being modified


For years, Linux has been known as “free software”: users could freely modify any component of the system. That practice will soon become less widespread. After lengthy discussion and several revisions of the code, Linus Torvalds, the “father of Linux”, approved a kernel lockdown feature that prevents changes to the kernel even with root privileges.

The purpose of the new feature is to separate user processes from kernel code, so that even a user with root access cannot interfere with the kernel. According to the developers, this will help “strengthen” secure boot mechanisms and prevent the system from being compromised through an account with elevated privileges.

“The lockdown module is designed to ensure that the kernel can be locked down at early stages of the boot process,” said Google engineer Matthew Garrett, who proposed this feature several years ago.

The new module supports two lockdown modes, “integrity” and “confidentiality”, each of which restricts access to a different set of kernel functions. Developers will also be able to impose additional restrictions on kernel modification, and distributions can do so with their own patches.
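As an added illustration that is not part of the original article, the shell snippet below checks which lockdown mode a running kernel reports and whether it meets a required minimum. Since Linux 5.4 the active mode is shown in brackets in the securityfs file `/sys/kernel/security/lockdown` (for example `none [integrity] confidentiality`); the sample strings in the script are constructed, and the helper function names are my own.

```shell
#!/bin/sh
# Parse a lockdown state string of the form "none [integrity] confidentiality".
# The kernel marks the active mode with square brackets; print that word.
lockdown_mode_from_string() {
    printf '%s\n' "$1" | sed -n 's/.*\[\([a-z]*\)\].*/\1/p'
}

# Read the live state from securityfs. The file exists on kernels built with
# the lockdown LSM (5.4 and later); print "unsupported" when it is absent.
lockdown_mode() {
    f=/sys/kernel/security/lockdown
    if [ -r "$f" ]; then
        lockdown_mode_from_string "$(cat "$f")"
    else
        echo unsupported
    fi
}

# Order the modes by strength: none < integrity < confidentiality.
# Unknown or unsupported values rank below all of them.
lockdown_rank() {
    case "$1" in
        none) echo 0 ;;
        integrity) echo 1 ;;
        confidentiality) echo 2 ;;
        *) echo -1 ;;
    esac
}

# Return success (0) when the observed mode ($1) is at least as strong as the
# required mode ($2). Useful as a compliance check in a hardening audit.
lockdown_at_least() {
    obs=$(lockdown_rank "$1")
    req=$(lockdown_rank "$2")
    [ "$obs" -ge 0 ] && [ "$obs" -ge "$req" ]
}

# Constructed sample strings (not captured from a real machine), in the format
# the kernel uses for /sys/kernel/security/lockdown.
SAMPLE_LOCKED="none [integrity] confidentiality"
SAMPLE_OPEN="[none] integrity confidentiality"

# Report the live state of the machine the script runs on.
echo "kernel lockdown mode: $(lockdown_mode)"
```

On a kernel booted with `lockdown=integrity` on the command line (or one where the distribution enforces it under Secure Boot), the script prints `integrity`; on an older kernel, or one built without the LSM, it prints `unsupported`, which an audit should treat as not locked down.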

Despite his earlier criticism of such a mechanism, Linus Torvalds eventually accepted the module as a way to improve the security of the OS. He noted that similar solutions have long been used in various distributions, so it makes sense to drop the third-party patches and bring all builds to a single standard. The corresponding Linux Security Module (LSM) will appear in the release version of Linux kernel 5.4.