Security in Linux 5.4

Linux 5.4 Security 'Lockdown' and More

  • Linus Torvalds To Add “Lockdown” Security Feature In Linux 5.4

    The feature was proposed by Google engineer Matthew Garrett in 2010. He said, “The lockdown module is intended to allow for kernels to be locked down early in [the] boot [process].”

    The Lockdown feature in Linux is mainly intended to prevent the root account from tampering with kernel code, thus drawing a line between userland processes and the code.

    The security feature will be disabled by default when it ships. Upon enabling it, even root accounts won’t be able to access certain kernel functionalities, thus protecting the operating system from being affected by a compromised root account.

  • Linus Torvalds Kicks Off Development of Linux Kernel 5.4, First RC Is Out Now

    It's been two weeks since the release of the Linux 5.3 kernel series, and the merge window for Linux kernel 5.4 is now officially closed, which means that the development cycle can start and weekly RC (Release Candidate) builds will be released to allow the community to test it and send feedback.

    The first Linux kernel 5.4 Release Candidate build is now available to download from kernel.org or through our free Linux software portal if you want to take it for a test drive, but please be aware that this is an early development release that should not be installed on production machines.

Linux kernel 5.4 to get lockdown functionality

  • Linux kernel 5.4 to get lockdown functionality

    After years of review and deliberation, Linux creator and principal developer Linus Torvalds approved a new security feature for the Linux kernel, referred to as ‘lockdown.’ This functionality should be included in the soon-to-be-released Linux kernel 5.4 branches and should ship as an LSM (Linux Security Module). Usage is optional as there exist risks that the new feature could break existing systems.

California Times USA

Linux Kernel 5.4 to Have Kernel Lockdown and ExFAT Support

  • Linux Kernel 5.4 to Have Kernel Lockdown and ExFAT Support

    Linux Kernel 5.4 will be the last major stable kernel release of the year 2019. The upcoming release has some big changes that will (positively) impact both manufacturers and end users.

    The lockdown feature aims to further strengthen Linux security by “restricting access to kernel features that may allow arbitrary code execution via code supplied by userland processes”.

    In simple words, even the root account cannot modify the kernel code. This will help in cases where a root account is compromised; the rest of the system won’t be easy to compromise, especially on the kernel level. In even simpler words, it enhances Linux security.

Linux Security Module officially adds a lockdown to Linux

  • Linux Security Module officially adds a lockdown to Linux

    A new feature is being added to the kernel. Details are sketchy, but all soldiers are reminded to be vigilant. Here is the information received from Commander Torvalds who has personally overseen this change.

    Civilians will see the lockdown (WE ARE IN LOCKDOWN) as a new module called Linux Security Module or LSM.

    Although the LSM only serves to formalise a process that has been naturally built into most Linux distros all along. Documents from the kernel dossier explain: "The majority of mainstream distributions have been carrying variants of this patchset for many years now, so there's value in providing a doesn't meet every distribution requirement, but gets us much closer to not requiring external patches."

    As your puny cannon-foddered brains will not be able to understand the words of our Commander, I shall explain. The LSM means that, when activated, user code cannot interact to make changes to the kernel.

Added line

  • Linux Security Module officially adds a lockdown to Linux

    WE WILL PROTECT THE LSM!

Linus Torvalds Agrees To Kernel Lockdown

  • Linus Torvalds Agrees To Kernel Lockdown

    The feature will restrict users with root access from interacting with the kernel and making changes to it.

    Linus Torvalds has finally agreed to implement the lockdown feature in the Linux kernel. The feature was proposed several years ago but was rejected by Torvalds.

    The upcoming release of Linux, version 5.4, will include this feature as a Linux Security Module (LSM). It will have two lockdown modes: “integrity” and “confidentiality.”
