Linux kernel adds lockdown feature for the first time

Linus Torvalds, the father of Linux, announced last Saturday that a lockdown feature would be added to the Linux kernel for the first time in its new version.

This new kernel security feature, called "lockdown", will appear in the upcoming Linux 5.4 release as an LSM (Linux Security Module).

The feature is turned off by default and is optional for users because of the risk of breaking existing systems. Its main purpose is to strengthen the separation between user-mode processes and kernel code by preventing the root account from interacting with kernel code.

When enabled, the new "lockdown" feature will restrict certain Linux kernel functions, even for the root user, making it more difficult for a compromised root account to compromise the rest of the system kernel.

"When enabled, various kernel features are restricted," Torvalds said. "This includes restricting access to kernel features that could allow arbitrary code execution via code provided by a user-level process; blocking processes from writing to or reading /dev/mem and /dev/kmem memory; blocking access to open /dev/ports to prevent raw port access; strengthening kernel module signatures, etc."
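A defender can confirm whether lockdown is actually in force on a host. The script below is an added example, not part of the article or the kernel project: the securityfs path `/sys/kernel/security/lockdown` and the mode names `none`, `integrity` and `confidentiality` come from the mainline kernel rather than from this page, and the required minimum of `integrity` is an assumed policy.

```shell
#!/bin/sh
# Added example: audit the kernel lockdown mode against a required minimum.
# securityfs lists the modes with the active one in square brackets,
# e.g. "[none] integrity confidentiality".

# active_lockdown_mode CONTENT: print the bracketed (active) mode.
active_lockdown_mode() {
    case "$1" in
        *\[*\]*) ;;
        *) return 1 ;;            # no bracketed entry: not a lockdown state line
    esac
    mode=${1#*\[}                 # drop everything up to the first "["
    mode=${mode%%\]*}             # drop the first "]" and what follows
    printf '%s\n' "$mode"
}

# lockdown_rank MODE: order the modes from least to most restrictive.
lockdown_rank() {
    case "$1" in
        none)            echo 0 ;;
        integrity)       echo 1 ;;
        confidentiality) echo 2 ;;
        *)               echo -1 ;;   # unknown mode never satisfies a policy
    esac
}

# meets_policy ACTUAL REQUIRED: succeed when ACTUAL is at least REQUIRED.
meets_policy() {
    actual=$(lockdown_rank "$1")
    required=$(lockdown_rank "$2")
    [ "$actual" -ge 0 ] && [ "$required" -ge 0 ] && [ "$actual" -ge "$required" ]
}

# current_lockdown_mode [FILE]: mode of this host, or "unavailable".
current_lockdown_mode() {
    file=${1:-/sys/kernel/security/lockdown}
    [ -r "$file" ] || { echo unavailable; return 0; }
    active_lockdown_mode "$(cat "$file" 2>/dev/null)" || echo unavailable
}

# Constructed sample contents for three differently configured hosts.
for sample in "[none] integrity confidentiality" \
              "none [integrity] confidentiality" \
              "none integrity [confidentiality]"; do
    mode=$(active_lockdown_mode "$sample")
    if meets_policy "$mode" integrity; then verdict=ok; else verdict=FAIL; fi
    printf '%-34s %s\n' "$sample" "$verdict"
done
echo "this host: $(current_lockdown_mode)"
```

A result of `unavailable` means the file is missing or unreadable, which is what a kernel built without the lockdown LSM reports.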

Linux is a free and open source UNIX-like operating system. Its kernel was first released by Linus Torvalds on October 5, 1991; combined with user space applications, it becomes the Linux operating system. Linux is also the most famous piece of free and open source software. Any individual or institution that follows the GNU General Public License (GPL) can freely use all of Linux's underlying source code, and can also modify and redistribute it freely.