Linux kernel version 5.4 brings an important security implementation. The lockdown.
What was good already became even better. Of course, software is not flawless, but Linux kernel-based operating systems are known for their high level security. This latest version of Linux, 5.4, among other things, comes with an important security implementation. We're talking about lockdown.
Virtually all Linux users know what, at least superficially, the root user. We know that there is the common user created by us during the installation who is only allowed to make changes in certain non vital parts of the system. And the root user, who is the owner of the piece, having permission to modify everything in the system, including deleting himself.
As we have just seen, there is a barrier that prevents the average user from doing what only the root user can do. The idea behind Lockdown: should there also be a barrier between the root user and the kernel files?
Suggested by a Google Developer In 2010, the Lockdown function, in layman's terms, will isolate the most sensitive parts of the kernel from the rest of the system. Separating them from user accessible parts. With this function enabled, even the root user will not be allowed to modify certain system core files. This protects it from being affected by a compromised root user account.
Lockdown can be used in two different modes:
Integrity: In this mode, users will not be allowed to make any kind of modification to the most sensitive kernel files. However, they will have permission to read them.
Confidentiality: In this mode, users will not be allowed to modify or read these Kernel files.
Lockdown is included in version 5.4 of the Linux Kernel, however, as it is in an experimental phase, it is disabled by default. It can be activated through the parameters: lockdown = integrity or lockdown = confidentiality.
But of course, as always, not everything is just flowers.
Lockdown will surely raise the security level of everything that makes use of the Linux kernel, but also bring some limitations. With this mode enabled, you will not be able to use the Hibernate function. What for some users may not make the slightest difference, but for others it can be quite important. Another point made by some people in the subject comments made on this subject is that Lockdown takes away the user's freedom to do whatever they want with the system, thus hurting the philosophy of free software.
In my opinion, a very welcome feature that only tends to enhance what is already a highlight in Linux systems. The security. I don't think Lockdown takes any chance out of the average user. Common or even intermediate users do not have to access sensitive kernel files. On the other hand, if you are an advanced user, I am pretty sure that you will be able to disable Lockdown on your own system and make any changes you wish. Thus, the only ones hampered by the implementation of this function are the malicious code makers.
Do you think Lockdown will harm users and hurt their freedom? Or do you agree that the benefits brought by this functionality are far greater than the limitations? No matter what your opinion, tell us in the comments.
Do you like Linux and technology? Got a question or problem you can't solve? Come join our community in the Diolinux Plus!
For today all staff!
See an error or would you like to add any suggestions to this article? Collaborate, click here.