Linux kernel maintainers pitch emergency killswitch after CopyFail and Dirty Frag chaos


Instead of waiting for patch cycles, admins could simply shut down vulnerable functions before attackers get there

Linux kernel maintainers are considering giving admins a giant red emergency button to smash the next time another nasty vulnerability drops before patches are ready.

The proposed feature, named "Killswitch," would let admins temporarily disable specific vulnerable kernel functions at runtime instead of sitting around waiting for fixes. The patch was submitted by Linux stable kernel co-maintainer and Nvidia engineer Sasha Levin after a bruising couple of weeks for Linux security.

The proposal basically gives admins a way to pull the plug on vulnerable kernel functionality. If exploit code starts spreading before patches arrive, the targeted function can be disabled so calls to it immediately fail instead of reaching the vulnerable code.

"When a (security) issue goes public, fleets stay exposed until a patched kernel is built, distributed, and rebooted into," Levin...

Copyright of this story solely belongs to theregister.com.