Release of the LKRG 0.9.2 module to protect against exploitation of vulnerabilities in the Linux kernel

The Openwall project has published release 0.9.2 of the LKRG (Linux Kernel Runtime Guard) kernel module, designed to detect and block attacks and violations of the integrity of kernel structures. For example, the module can protect against unauthorized changes to the running kernel and against attempts to change the permissions of user processes (exploit detection). The module is suitable both for protecting against exploits for already known Linux kernel vulnerabilities (for example, when updating the kernel on a system is problematic) and for countering exploits for as yet unknown vulnerabilities. The project code is distributed under the GPLv2 license. The features of the LKRG implementation are described in the first announcement of the project.

Among the changes in the new version:

  • Compatibility is provided with Linux kernels from 5.14 to 5.16-rc, as well as with updates to LTS kernels 5.4.118+, 4.19.191+ and 4.14.233+.
  • Added support for various CONFIG_SECCOMP configurations.
  • Added support for the "nolkrg" kernel parameter to deactivate LKRG at boot time.
  • Fixed a false positive due to a race condition when processing SECCOMP_FILTER_FLAG_TSYNC.
  • Improved the ability to use the CONFIG_HAVE_STATIC_CALL setting in Linux kernels 5.10+ to block race conditions when unloading other modules.
  • The names of modules blocked when using the lkrg.block_modules=1 setting are saved in the log.
  • The sysctl settings are now placed in the file /etc/sysctl.d/01-lkrg.conf.
  • Added a dkms.conf configuration file for the DKMS (Dynamic Kernel Module Support) system, which is used to build third-party modules after a kernel update.
  • Improved and updated support for development builds and continuous integration systems.
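
Because the new "nolkrg" parameter deactivates LKRG at boot, a host audit may want to flag it alongside the settings in /etc/sysctl.d/01-lkrg.conf. The following check is an added example, not code from the LKRG project; the function names, the sample inputs and the whole-word matching of "nolkrg" are assumptions.

```shell
#!/bin/sh
# Added example, not LKRG project code. Sample inputs below are constructed.
SAMPLE_CMDLINE='BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro quiet nolkrg'
SAMPLE_CONF='# constructed stand-in for /etc/sysctl.d/01-lkrg.conf
lkrg.block_modules = 0
; a later assignment overrides the earlier one
lkrg.block_modules=1'

# Succeeds when "nolkrg" is a whole parameter on the command line.
# Assumption: whole-word matching; a substring such as "xnolkrg" is ignored.
cmdline_has_nolkrg() {
    case " $(printf '%s' "$1" | tr '\t\n' '  ') " in
        *" nolkrg "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints the last value assigned to key $2 in sysctl.conf-style text $1.
# Lines starting with '#' or ';' are comments; the last assignment wins.
sysctl_value() {
    printf '%s\n' "$1" | awk -v key="$2" '
        /^[ \t]*[#;]/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { if (val != "") print val }'
}

# Reports findings; returns non-zero when LKRG is deactivated at boot.
lkrg_audit() {
    rc=0
    if cmdline_has_nolkrg "$1"; then
        echo "WARN: nolkrg present, LKRG is deactivated at boot"; rc=1
    fi
    bm=$(sysctl_value "$2" lkrg.block_modules)
    echo "INFO: lkrg.block_modules=${bm:-unset}"
    return "$rc"
}

# Default run uses the constructed samples; pass --live to read the real files.
if [ "${1:-}" = "--live" ]; then
    lkrg_audit "$(cat /proc/cmdline)" "$(cat /etc/sysctl.d/01-lkrg.conf 2>/dev/null)" || :
else
    lkrg_audit "$SAMPLE_CMDLINE" "$SAMPLE_CONF" || :
fi
```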

Source: opennet.ru
