Linux kernel maintainers pitch emergency killswitch after CopyFail and Dirty Frag chaos
Briefly

"When a (security) issue goes public, fleets stay exposed until a patched kernel is built, distributed, and rebooted into. For many such issues the simplest mitigation is to stop calling the buggy function. Killswitch provides that."
"The proposal basically gives admins a way to pull the plug on vulnerable kernel functionality. If exploit code starts spreading before patches arrive, the targeted function can be disabled so calls to it immediately fail instead of reaching the vulnerable code."
"Killswitch would work through the kernel's security interface and is mainly intended for subsystems that systems can survive without for a while. In practical terms, Levin's argument is that temporaril"
"First we saw the disclosure of CopyFail, a Linux local privilege escalation bug that quickly moved from disclosure to active exploitation. Days later, Dirty Frag emerged: another Linux privilege escalation flaw with public exploit code and no official fixes, after coordinated disclosure efforts fell apart before patches were ready."
A proposed Linux kernel feature called Killswitch would let administrators temporarily disable vulnerable kernel functions at runtime. The goal is to reduce exposure after a security issue becomes public but before patched kernels are built, distributed, and rebooted. When exploit code begins spreading, targeted function calls would fail immediately instead of reaching vulnerable code. The approach is intended as a mitigation that stops calling buggy functionality rather than waiting for fixes. The proposal is motivated by recent privilege escalation vulnerabilities that moved quickly from disclosure to exploitation and lacked timely official fixes. Killswitch would operate through the kernel security interface and focus on subsystems that can be paused for a period.
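To make the mechanism the summary describes concrete, here is an added user-space model in C of a runtime killswitch. It is not the kernel proposal's code and assumes its own names (`killswitch_set`, `killswitch_check`, the gated `demo_copy` function, the gate names "demo_copy" and "demo_frag"): each gated entry point consults a registry before its body runs, and once an administrator throws the switch every call fails immediately with -EOPNOTSUPP and is logged, which is the "stop calling the buggy function" effect the proposal aims for.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of a runtime killswitch (not the kernel proposal's
 * code): a small registry of named gates that administrators can flip.
 * The kernel version would expose the control through the security
 * interface; here it is a plain function call. */

#define MAX_GATES 8

struct gate {
    const char *name;   /* entry point this gate protects */
    bool disabled;      /* true once the switch has been thrown */
};

/* Constructed sample registry: two stand-in subsystem entry points. */
static struct gate gates[MAX_GATES] = {
    { "demo_copy", false },
    { "demo_frag", false },
};

static struct gate *find_gate(const char *name)
{
    for (int i = 0; i < MAX_GATES && gates[i].name; i++)
        if (strcmp(gates[i].name, name) == 0)
            return &gates[i];
    return NULL;
}

/* Administrative control: disable or re-enable a gated entry point.
 * Returns 0 on success, -ENOENT if no such gate is registered. */
int killswitch_set(const char *name, bool disabled)
{
    struct gate *g = find_gate(name);
    if (!g)
        return -ENOENT;
    g->disabled = disabled;
    fprintf(stderr, "killswitch: %s %s\n", name,
            disabled ? "disabled" : "enabled");
    return 0;
}

/* Called at the top of every gated entry point. Returns 0 to proceed,
 * -EOPNOTSUPP when the gate is closed; rejected calls are logged so a
 * fleet can see that exposed code is still being exercised. */
int killswitch_check(const char *name)
{
    struct gate *g = find_gate(name);
    if (g && g->disabled) {
        fprintf(stderr, "killswitch: rejected call to %s\n", name);
        return -EOPNOTSUPP;
    }
    return 0;
}

/* A gated function standing in for vulnerable kernel functionality.
 * Copies src into dst (at most n-1 bytes plus NUL) and returns the
 * number of bytes copied, or a negative errno if the gate is closed. */
int demo_copy(char *dst, const char *src, size_t n)
{
    int rc = killswitch_check("demo_copy");
    if (rc)
        return rc;          /* fail fast: the body below never runs */

    size_t len = 0;
    while (len + 1 < n && src[len]) {
        dst[len] = src[len];
        len++;
    }
    dst[len] = '\0';
    return (int)len;
}

int main(void)
{
    char buf[16];

    printf("before: %d\n", demo_copy(buf, "hello", sizeof buf));
    killswitch_set("demo_copy", true);
    printf("while disabled: %d (-EOPNOTSUPP is %d)\n",
           demo_copy(buf, "hello", sizeof buf), -EOPNOTSUPP);
    killswitch_set("demo_copy", false);
    printf("after re-enable: %d\n", demo_copy(buf, "hello", sizeof buf));
    return 0;
}
```

The design point is that the gate check sits at the function boundary, so callers get a clean error rather than reaching the vulnerable body, and re-enabling is a matter of flipping the same flag once a patched kernel is in place.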
Read at theregister