Proposed “pkill_on_warn” to kill Linux processes that cause a kernel warning



A new kernel option has been proposed today called “pkill_on_warn” which would kill all threads in a process if that process caused a kernel warning.

Currently, when a process triggers a kernel warning, by default there is no impact on that process. The Linux kernel already has a “panic_on_warn” option that makes the whole kernel panic when a warning occurs; pkill_on_warn would be a less drastic response that terminates only the offending process and keeps the rest of the system running.

Security researcher and Linux kernel contributor Alexander Popov came up with this new pkill_on_warn option. Popov argued in the patch proposal, “From a security perspective, kernel warning messages provide a lot of useful information for attackers. Many GNU/Linux distributions allow unprivileged users to read the kernel log, so attackers use the kernel leak warning in vulnerability exploits … Let’s introduce the pkill_on_warn boot parameter. If this parameter is set, the kernel kills all threads in a process that caused a kernel warning. This behavior is reasonable from the security perspective described above. It is also useful for strengthening kernel security as the system kills an operating process that reaches a kernel warning.”

This would not change the default kernel behavior; if and when the patch is merged, booting the kernel with pkill_on_warn=1 would enable the new behavior of killing processes that cause kernel warnings.
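The article ties three knobs together: whether unprivileged users can read the kernel log, whether a warning panics the machine, and whether it would kill the offending process. The POSIX sh audit below is an added example, not code from the article or from Popov's patch; it assumes pkill_on_warn appears on the kernel command line as the proposal describes (the patch is not merged, so the token may simply be absent), and it reads the existing dmesg_restrict and panic_on_warn sysctls. The function names and the optional ROOT prefix (which lets the same functions run against a constructed fake /proc tree) are this example's own.

```shell
#!/bin/sh
# Added example (not from the article or the patch): summarise how this host
# handles kernel warnings. ROOT defaults to "" so paths resolve under the live
# /proc; pass another prefix to inspect a constructed tree instead.

# read_sysctl ROOT NAME -> value of /proc/sys/kernel/NAME, or "absent"
read_sysctl() {
    f="$1/proc/sys/kernel/$2"
    if [ -r "$f" ]; then cat "$f"; else echo absent; fi
}

# cmdline_param ROOT NAME -> VALUE for a NAME=VALUE token on the kernel
# command line, "set" for a bare NAME token, or "absent"
cmdline_param() {
    cmdline=$(cat "$1/proc/cmdline" 2>/dev/null) || { echo absent; return; }
    for tok in $cmdline; do
        case "$tok" in
            "$2"=*) echo "${tok#*=}"; return ;;
            "$2")   echo set; return ;;
        esac
    done
    echo absent
}

# warn_posture ROOT -> one line: "leak:<restricted|open> panic:<v> pkill:<v>"
# "leak:open" means unprivileged users can read warnings from the kernel log,
# the exposure the proposal is concerned with.
warn_posture() {
    root="${1:-}"
    dmesg=$(read_sysctl "$root" dmesg_restrict)
    panic=$(read_sysctl "$root" panic_on_warn)
    pkill=$(cmdline_param "$root" pkill_on_warn)
    case "$dmesg" in 1) leak=restricted ;; *) leak=open ;; esac
    echo "leak:$leak panic:$panic pkill:$pkill"
}

# Report on the live system when run directly.
warn_posture ""
```

A result such as `leak:open panic:0 pkill:absent` is the default posture the article describes: warnings are readable by any local user and have no effect on the process that triggered them.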

The proposed patch is currently on the kernel mailing list.
