Wednesday, 07 February 2018 10:55

Linux module aims at security, but will it make the cut?


A Linux kernel module that is claimed to protect a system by comparing hashes calculated from the most important kernel regions, sections and structures against the hashes held in its internal database has been developed, but it seems unlikely that it will be incorporated into the mainline kernel.

The Linux Kernel Runtime Guard has been devised by the Openwall project.

LKRG checks at runtime whether any exploits for security flaws are at work on a system; if so, it attempts to block such attacks.

It can also detect any privilege escalation in processes that are running and kill the guilty process before it can execute any code.

While the project has put up its first public version for download, it is an open question as to whether the kernel project will accept it.

Linux creator Linus Torvalds did not offer any comment when asked about the possibility of the module being accepted into the mainline kernel.

Another group, Grsecurity, creates a hardening patch for the kernel, but its efforts have not been exactly warmly received by Torvalds.

He has, in the past, described the patch as "pure garbage".

Asked about how Grsecurity dealt with a particular issue, Torvalds responded: "Don't bother with Grsecurity. Their approach has always been 'we don't care if we break anything, we'll just claim it's because we're extra secure'.

"The thing is a joke, and they are clowns. When they started talking about people taking advantage of them, I stopped trying to be polite about their bullshit. Their patches are pure garbage."

Asked about LKRG, Linux expert Russell Coker, a longtime developer for the Debian GNU/Linux project who has also contributed code to the NSA's SE-Linux project, told iTWire: "The aim of that is to protect against kernel attacks that have not been specifically written to avoid such checks. 

"While that module is used by hardly anyone there won't be attacks written to avoid it so it will do some good. If it was in the mainline kernel then attackers would write attacks to compromise the kernel and report the same hashes. Which would still make it harder to write attacks.

"I think that we have bigger problems in bad userspace code running as root or running with access to sensitive data."

He said Torvalds was very conservative about what went into the kernel. "It doesn't seem likely that this sort of thing will be well regarded, other smaller changes have taken years to get accepted. See this link," he added.




Sam Varghese


Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.


