"pkill_on_warn" Proposed For Killing Linux Processes That Cause A Kernel Warning
A new kernel option was proposed today called "pkill_on_warn" that would kill all threads in a process if that process provoked a kernel warning.
Currently when a process triggers a kernel warning there is no impact on that process by default. The Linux kernel does have a "panic_on_warn" option to cause a kernel panic when a warning happens, but pkill_on_warn would be less of an overkill and at least keep the system up and running.
Security researcher and Linux kernel contributor Alexander Popov proposed this new pkill_on_warn option. Popov argued in the patch proposal, "From a security point of view, kernel warning messages provide a lot of useful information for attackers. Many GNU/Linux distributions allow unprivileged users to read the kernel log, so attackers use kernel warning infoleak in vulnerability exploits...Let's introduce the pkill_on_warn boot parameter. If this parameter is set, the kernel kills all threads in a process that provoked a kernel warning. This behavior is reasonable from a safety point of view described above. It is also useful for kernel security hardening because the system kills an exploit process that hits a kernel warning."
This wouldn't change the default kernel behavior but if/when the patch is merged, booting the kernel with pkill_on_warn=1 would enable this new behavior to kill processes causing kernel warnings.
The proposed patch is currently on the kernel mailing list.
Currently when a process triggers a kernel warning there is no impact on that process by default. The Linux kernel does have a "panic_on_warn" option to cause a kernel panic when a warning happens, but pkill_on_warn would be less of an overkill and at least keep the system up and running.
Security researcher and Linux kernel contributor Alexander Popov proposed this new pkill_on_warn option. Popov argued in the patch proposal, "From a security point of view, kernel warning messages provide a lot of useful information for attackers. Many GNU/Linux distributions allow unprivileged users to read the kernel log, so attackers use kernel warning infoleak in vulnerability exploits...Let's introduce the pkill_on_warn boot parameter. If this parameter is set, the kernel kills all threads in a process that provoked a kernel warning. This behavior is reasonable from a safety point of view described above. It is also useful for kernel security hardening because the system kills an exploit process that hits a kernel warning."
This wouldn't change the default kernel behavior but if/when the patch is merged, booting the kernel with pkill_on_warn=1 would enable this new behavior to kill processes causing kernel warnings.
The proposed patch is currently on the kernel mailing list.
21 Comments