Vulnerability Management

Linux maintainer proposes runtime killswitch for vulnerabilities

As outlined in Tech Radar, Linux maintainers are considering a new feature that could act as a temporary safeguard against severe vulnerabilities, offering a way to disable compromised functions until official patches are released.

Linux kernel co-maintainer Sasha Levin has proposed a runtime killswitch mechanism, accessible via securityfs, to temporarily disable vulnerable kernel functions. This feature aims to mitigate high-severity flaws like Copy Fail and Dirty Frag, which have recently impacted Linux distributions by allowing unauthorized root access. While the killswitch could prevent exploitation by returning errors for disabled functions, it carries a risk of system instability or introducing new vulnerabilities due to its runtime nature.

The proposed solution is intended as a stopgap measure, not a replacement for proper patching, and is currently under community review. Its development was spurred by the disclosure of critical zero-day vulnerabilities that left systems exposed without immediate fixes.

Source: Tech Radar
