Zack's Kernel News

Article from Issue 266/2023

Author(s): Zack Brown

Chronicler Zack Brown reports on the little links that bring us closer within the Linux kernel community.

Best Laid Plans

When the Linux kernel encountered a runtime warning, Alexander Popov didn't like that it had only two possible responses: Ignore the whole thing, or panic (i.e., crash 'n' burn). The crash 'n' burn response would trigger if the user had set the panic_on_warn flag. Otherwise, the warning would be ignored. Alexander felt that a nice middle-of-the-road response would be for the kernel to simply stop whatever it was that caused the warning. This way at least the system could still function.

Alexander also pointed out some security problems with the current state of affairs. He said that to avoid the extreme response, "panic_on_warn is usually disabled on production systems." And, "From a security point of view, kernel warning messages provide a lot of useful information for attackers. Many GNU/Linux distributions allow unprivileged users to read the kernel log, so attackers use kernel warning info leak in vulnerability exploits."

Alexander proposed a compromise so that system administrators and distribution maintainers would not feel the need to completely disable all responses to kernel warnings. He said, "Let's introduce the pkill_on_warn boot parameter. If this parameter is set, the kernel kills all threads in a process that provoked a kernel warning. This behavior is reasonable from a safety point of view described above. It is also useful for kernel security hardening because the system kills an exploit process that hits a kernel warning."

[...]

Use Express-Checkout link below to read the full article (PDF).

Buy this article as PDF

Express-Checkout as PDF

Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES

Print Issues

Digital Issues

SUBSCRIPTIONS

Print Subs

Digisubs

TABLET & SMARTPHONE APPS

US / Canada

UK / Australia

Read full article as PDF:

Price $2.95

Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Find SysAdmin Jobs

News

Linux Mint 21.1 Enters Beta Status

With a new version of the Cinnamon Desktop, Linux Mint 21.1 has plenty to offer.
4MLinux 41.0 Now Stable and Ready for Use

The developers behind 4MLinux have changed the status of 41.0 to STABLE, which means it's ready for prime time.
Xfce 4.18 Coming Soon and Offers Subtle Improvements

The Xfce team has announced the release date of the next iteration of the desktop, which includes a good number of features to polish the fan-favorite Linux UI.
Orange Pi Board Has Arch-Based Linux Distribution in the Works

The developers of the Orange Pi board are planning to release an Arch-based Linux distribution available for its hardware as an alternative to Orange Pi OS.
Alpine Linux 3.17 Now Available to the General Public

The developers of Alpine Linux have officially announced the release of the latest version of the security-focused Linux distribution.
The New StarFighter Linux Laptop Now Available for Preorder

A new, completely customizable Linux laptop is now available to preorder from Star Labs.
Critical Escalation Vulnerability Found in the Linux Kernel

A new local privilege escalation vulnerability has been discovered in the Linux kernel and users are encouraged to upgrade/patch immediately.
AlmaLinux 8.7 Now Available

The developers of AlmaLinux have released the latest version of the OS, named Stone Smilodon, to the general public.
New Arch-Based Linux Distribution Aims to be Beginner-Friendly

CachyOS has been created to serve as a Linux distribution for everyone, even while being based on the more complex Arch Linux.
elementary OS 7 Getting Closer to Release

The team behind elementary OS has announced they are now focused on putting the finishing touches on the next major release of the Linux distribution.