1. Forum
  2. tqwNet
  3. TQW GENTECH

  • 'For many such issues the simplest mitigation is to stop calling

    From TechnologyDaily@1337:1/100 to All on Monday, May 11, 2026 18:45:26
    'For many such issues the simplest mitigation is to stop calling the buggyfunction. Killswitch provides that': Experts propose Linux kernel "killswitch" following worrying recent security issues

    Date:
    Mon, 11 May 2026 17:35:00 +0000

    Description:
    A maintainer wants a first-aid kit for the Linux kernel and a proposal is currently being reviewed.

    FULL STORY ======================================================================Copy link Facebook X Whatsapp Reddit Pinterest Flipboard Threads Email Share this article 0 Join the conversation Follow us Add us as a preferred source on Google Newsletter Subscribe to our newsletter Maintainers proposed a killswitch mechanism to temporarily disable vulnerable kernel functions at runtime via securityfs The feature aims to mitigate highseverity flaws like Copy Fail and Dirty Frag until patches arrive, though it risks system instability Its under community review, positioned as a stopgap measurenot a replacement for proper patching The Linux kernel could soon get a new feature that serves as a temporary safeguard against high-severity vulnerabilities until patches are deployed.

    One of the Linux stable kernel co-maintainers, Sasha Levin, recently proposed a new patch that would allow system administrators to temporarily disable a vulnerable kernel function. That way, if security researchers discover malicious code in the future, users would be able to quickly instruct the kernel not to use it. The feature would not address underlying issues, but since the function would return an error, it could prevent the vulnerability from causing any serious harm before a proper patch is deployed. Latest
    Videos From You may like "Copy Fail" flaw impacts all Linux kernels released since 2017 Another major Linux security flaw revealed 'Dirty Frag' allows root on all major distros, with no patch or fix available yet Linux pulls support for 37-year-old Intel 486 CPU Good idea, does (not) work? If adopted, the feature would be available through the kernels securityfs interface, allowing admins to enable killswitches for specific functions which would render them unusable immediately. The change would take effect at runtime,
    and would remain active until disabled, or until the system is restarted.

    On paper, the idea sounds good. In practice, there are many challenges and moving parts to address. When a function is disabled, it could disrupt the entire system or crash other parts. It could also introduce additional vulnerabilities.

    Therefore, it is important to note that the feature is not imagined for general purpose use. It is also worth mentioning that this feature cannot serve as a replacement for patching.

    Still, it could be a solid first-aid kit to prevent further escalation with high-severity vulnerabilities. Are you a pro? Subscribe to our newsletter
    Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed! Contact me with news
    and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors By submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.

    According to Linuxiac , the idea for the proposed patch came after the disclosure of two critical Linux kernel vulnerabilities - Copy Fail and Dirty Frag . The former was discovered in early March 2026, granting malicious actors privileged access across all major Linux distributions . The latter,
    on the other hand, was discovered late last week. It, too, was a zero-day
    that allows root privileges, but at the moment of disclosure, it did not have a patch which made it extremely dangerous.

    The new feature is currently being reviewed by the Linux community and has
    not yet been introduced. The best antivirus for all budgets Our top picks, based on real-world testing and comparisons

    Read our full guide to the best antivirus 1. Best overall: Bitdefender Total Security 2. Best for families: Norton 360 with LifeLock 3. Best for mobile: McAfee Mobile Security Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/for-many-such-issues-the-simplest-mitig ation-is-to-stop-calling-the-buggy-function-killswitch-provides-that-experts-p ropose-linux-kernel-killswitch-following-worrying-recent-security-issues


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)