惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

C
Cisco Blogs
爱范儿
爱范儿
有赞技术团队
有赞技术团队
博客园 - 【当耐特】
Jina AI
Jina AI
Project Zero
Project Zero
宝玉的分享
宝玉的分享
Martin Fowler
Martin Fowler
WordPress大学
WordPress大学
Simon Willison's Weblog
Simon Willison's Weblog
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
T
Tenable Blog
F
Fortinet All Blogs
大猫的无限游戏
大猫的无限游戏
Last Week in AI
Last Week in AI
月光博客
月光博客
雷峰网
雷峰网
G
Google Developers Blog
V
V2EX
T
Tor Project blog
罗磊的独立博客
Schneier on Security
Schneier on Security
Know Your Adversary
Know Your Adversary
W
WeLiveSecurity
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
P
Privacy International News Feed
S
Securelist
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
P
Proofpoint News Feed
Blog — PlanetScale
Blog — PlanetScale
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
小众软件
小众软件
Scott Helme
Scott Helme
I
Intezer
T
Threat Research - Cisco Blogs
The GitHub Blog
The GitHub Blog
N
Netflix TechBlog - Medium
C
CERT Recently Published Vulnerability Notes
Security Archives - TechRepublic
Security Archives - TechRepublic
酷 壳 – CoolShell
酷 壳 – CoolShell
L
LINUX DO - 最新话题
N
News | PayPal Newsroom
L
Lohrmann on Cybersecurity
T
Troy Hunt's Blog
Google DeepMind News
Google DeepMind News
P
Proofpoint News Feed
人人都是产品经理
人人都是产品经理
Latest news
Latest news
AWS News Blog
AWS News Blog
Apple Machine Learning Research
Apple Machine Learning Research

LWN.net comments

tcmalloc's weird hack [LWN.net] Fixed? [LWN.net] mpd [LWN.net] Userspace AX.25 [LWN.net] RIP [LWN.net] My two cents... [LWN.net] pipx [LWN.net] Tragedy [LWN.net] A young man destined for glory [LWN.net] And 'less' won't let you search [LWN.net] A great loss [LWN.net] Sad and shocking news [LWN.net] Easy migration from Clementine [LWN.net] Sad coincidence [LWN.net] GNOME is actually usable thanks to Seth et al [LWN.net] Sad news :( [LWN.net] armhf supports preempt_rt [LWN.net] MusicBrainz accurracy [LWN.net] On open source maintainership [LWN.net] Let's stop here [LWN.net] Not a new thing [LWN.net] uv is indeed great pgmoneta Some comments on this on a Postgres blog feed [LWN.net] uv [LWN.net] going to Debian [LWN.net] Upgrading 64-bit-capable systems to 64-bit kernels? [LWN.net] Free Software foundations Maintainers can wait for code review but not for publish review? A reasonably extreme point of view [LWN.net] Maintaining old code Varieties of filesystems and schedulers, so why not for IPC mechanisms too? [LWN.net] AI and documentation [LWN.net] Delegating the work to a subsidiary [LWN.net] Maybe they should provide their reviews to the world [LWN.net] Something can be a bug but not a vulnerability [LWN.net] History is a little backwards ... [LWN.net] A reasonably extreme point of view [LWN.net] Let’s stop here [LWN.net] authd [LWN.net] Suggestion for bug report [LWN.net] Software pain points for long-term equipment [LWN.net] Wrong direction [LWN.net] mjg59 has lost the plot there [LWN.net] Role of German law in this? [LWN.net] Without beer? [LWN.net] Feels soul destroying [LWN.net] No zswap in Debian cloud kernel [LWN.net] No Beer?!? [LWN.net] The other fam [LWN.net] Thank you Andrew [LWN.net] Brave! [LWN.net] I second the cost factor [LWN.net] cassandra [LWN.net] Proprietary tools [LWN.net] familiar [LWN.net] ... is also staging. [LWN.net] Python package managers [LWN.net] Pour one out for AX.25... [LWN.net] tun/tap? [LWN.net] Another article at gnulinux.ch [LWN.net] Transitive checks [LWN.net] Just execute from stdin [LWN.net] Cross-compile Vacation [LWN.net] Concrete steps toward RFC 3550 (new Range types) You can rip with Windows apps too! Have the tempfile issues raised in the release notes been fixed? onlyoffice tried to add stuff in the fine print, and failed Work w/o publication is not science Removing art like offensive fortunes is a mistake. [LWN.net] De-googling (was Wtf) [LWN.net] I liked pdfmark [LWN.net] Juice then tag [LWN.net] why did PREEMPT_LAZY caused more preemptions than PREEMPT_NONE with THP disabled? [LWN.net] x86-64 was first introduced in 2003 [LWN.net] no memory safety? [LWN.net] False positive identification rate [LWN.net] "Defensive" AI use [LWN.net] LTS release? [LWN.net] ironic (ugly, good) [LWN.net] Moving away from LLVM [LWN.net] ironic (ugly, good) [LWN.net] Abandoning vim(1) ASAP [LWN.net] "Picard" naming [LWN.net] circular reasoning is a potential source of unsoundness [LWN.net] Nice to see an update [LWN.net] Writable THPs [LWN.net] Whole network messages [LWN.net] I'll fix my code ... [LWN.net] Can also recommend beets [LWN.net] Jack the CD ripper [LWN.net] How about the bad CDs? [LWN.net] systemd-boot [LWN.net] Significant raise of reports [LWN.net] IMO, it's appropriate [LWN.net] How about the bad CDs? [LWN.net] Update to include Part 4? [LWN.net] Pandoc also is invauable for a cheap-and-dirty retrieval augmented generation. [LWN.net] Whole network messages [LWN.net]
Escalating from root to kernel [LWN.net]
mb · 2026-05-31 · via LWN.net comments

Escalating from root to kernel

Posted May 31, 2026 15:46 UTC (Sun) by mb (subscriber, #50428)
In reply to: Escalating from root to kernel by farnz
Parent article: Policies for merging new filesystems
to post comments

Escalating from root to kernel

Posted May 31, 2026 16:49 UTC (Sun) by farnz (subscriber, #17727) [Link] (7 responses)

The original version given was Apple's iOS lockdown, where no process can escalate to kernel privileges, with or without owner consent. That depends on Apple being the only entity with the keys to the kingdom, and being trusted to keep the device secure.

On Linux, however, locking down (as iOS has done) so that no root process can escalate to kernel privileges is not going to happen - a root process with owner consent must be able to escalate to kernel privileges, via either a LKM, or by changing the bootloader configuration to change the kernel to one they control, by design.

As a result, any security design that depends on "root processes cannot get kernel privileges" on Linux needs you to be aware of the exception "unless there is owner consent", as opposed to the iOS variant, where the exception is "unless Apple as kernel developer consents".

Escalating from root to kernel

Posted May 31, 2026 17:13 UTC (Sun) by mb (subscriber, #50428) [Link] (2 responses)

Escalating from root to kernel

Posted Jun 1, 2026 9:08 UTC (Mon) by farnz (subscriber, #17727) [Link] (1 responses)

If that's what you said, why did you tell me that I was wrong for saying exactly that?

Your original claim was that I was wrong for saying that there are always going to be exceptions to the hard rule that root processes must not, under any circumstances, be allowed to gain kernel privileges. That means that there's no exception for owner consent.

Escalating from root to kernel

Posted Jun 1, 2026 16:18 UTC (Mon) by mb (subscriber, #50428) [Link]

The difference is that we are talking about two different things.
You are apparently talking about Linux as a whole and I am talking about a particular instance running. For a given instance it should be possible to restrict root from being equal to kernel privileges. For some configurations we already have that today (Android probably).
For Linux as a whole that's not the case, of course. It must always be possible to opt out of that per admin choice. (or rather the other way around to opt-in to lockdown, of course)
So, it's not really disagreement, it's two different things. Both are true at the same time.

Escalating from root to kernel

Posted Jun 1, 2026 8:52 UTC (Mon) by intelfx (subscriber, #130118) [Link] (3 responses)

Escalating from root to kernel

Posted Jun 1, 2026 9:06 UTC (Mon) by farnz (subscriber, #17727) [Link] (2 responses)

No - the owner is the legitimate purchaser of the device. Apple reserve, as OS developer, privileges that the device owner is not permitted to have (kernel-level access).

As a result, on an Apple system, there is a reason why a device owner cannot run a process that can get kernel privileges - Apple prohibit you from having kernel privileges on your device that you purchased from them. On Linux, it's more nuanced; the owner of the device is permitted to replace any part of the system, including the kernel, and thus you have to be aware that a subset of root processes are always going to be allowed to elevate themselves to kernel privileges.

In other words, on iOS, it's a bug if you can change the bootloader configuration (at all), or load a kernel module that you wrote (at all). On Linux, it's only a bug in some cases, and in other cases, that's the system as designed.

Escalating from root to kernel

Posted Jun 1, 2026 10:01 UTC (Mon) by intelfx (subscriber, #130118) [Link] (1 responses)

Escalating from root to kernel

Posted Jun 1, 2026 12:14 UTC (Mon) by taladar (subscriber, #68407) [Link]

I think the point was more that on Linux the entire problem is a lot more complex because it doesn't have a single platform owner who decides all the low level details and prevents everyone else from making any changes, including the legal owner of the device.