Posted May 31, 2026 16:49 UTC (Sun) by farnz (subscriber, #17727) [Link] (7 responses)
On Linux, however, locking down (as iOS has done) so that no root process can escalate to kernel privileges is not going to happen - a root process with owner consent must be able to escalate to kernel privileges, via either a LKM, or by changing the bootloader configuration to change the kernel to one they control, by design.
As a result, any security design that depends on "root processes cannot get kernel privileges" on Linux needs you to be aware of the exception "unless there is owner consent", as opposed to the iOS variant, where the exception is "unless Apple as kernel developer consents".
Posted May 31, 2026 17:13 UTC (Sun) by mb (subscriber, #50428) [Link] (2 responses)
Posted Jun 1, 2026 9:08 UTC (Mon) by farnz (subscriber, #17727) [Link] (1 responses)
Your original claim was that I was wrong for saying that there are always going to be exceptions to the hard rule that root processes must not, under any circumstances, be allowed to gain kernel privileges. That means that there's no exception for owner consent.
Posted Jun 1, 2026 16:18 UTC (Mon) by mb (subscriber, #50428) [Link]
The difference is that we are talking about two different things. You are apparently talking about Linux as a whole and I am talking about a particular instance running. For a given instance it should be possible to restrict root from being equal to kernel privileges. For some configurations we already have that today (Android probably). For Linux as a whole that's not the case, of course. It must always be possible to opt out of that per admin choice. (or rather the other way around to opt-in to lockdown, of course) So, it's not really disagreement, it's two different things. Both are true at the same time.
Posted Jun 1, 2026 8:52 UTC (Mon) by intelfx (subscriber, #130118) [Link] (3 responses)
Posted Jun 1, 2026 9:06 UTC (Mon) by farnz (subscriber, #17727) [Link] (2 responses)
As a result, on an Apple system, there is a reason why a device owner cannot run a process that can get kernel privileges - Apple prohibit you from having kernel privileges on your device that you purchased from them. On Linux, it's more nuanced; the owner of the device is permitted to replace any part of the system, including the kernel, and thus you have to be aware that a subset of root processes are always going to be allowed to elevate themselves to kernel privileges.
In other words, on iOS, it's a bug if you can change the bootloader configuration (at all), or load a kernel module that you wrote (at all). On Linux, it's only a bug in some cases, and in other cases, that's the system as designed.
Posted Jun 1, 2026 10:01 UTC (Mon) by intelfx (subscriber, #130118) [Link] (1 responses)
Posted Jun 1, 2026 12:14 UTC (Mon) by taladar (subscriber, #68407) [Link]
I think the point was more that on Linux the entire problem is a lot more complex because it doesn't have a single platform owner who decides all the low level details and prevents everyone else from making any changes, including the legal owner of the device.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。