Release of the LKRG 0.9.0 module to protect against exploitation of vulnerabilities in the Linux kernel

The Openwall project has published the release of the LKRG 0.9.0 (Linux Kernel Runtime Guard) kernel module, designed to detect and block attacks and violations of the integrity of kernel structures. For example, the module can protect against unauthorized changes to the running kernel and attempts to change the permissions of user processes (exploit detection). The module is suitable both for protecting against exploits of already known Linux kernel vulnerabilities (for example, in situations where it is problematic to update the kernel on the system) and for countering exploits of as yet unknown vulnerabilities. The project code is distributed under the GPLv2 license.

Among the changes in the new version:

  • Ensured compatibility with Linux kernels from 5.8 to 5.12, as well as stable kernels 5.4.87 and later (including innovations from kernels 5.8 and later) and kernels from RHEL versions up to 8.4, while maintaining support for all previously supported kernel versions, such as kernels from RHEL 7;
  • Added the ability to build LKRG not only as an external module, but also as part of the Linux kernel tree, including its inclusion in the kernel image;
  • Added support for many additional kernel and system configurations;
  • Fixed several significant bugs and shortcomings in LKRG;
  • Significantly simplified the implementation of some LKRG components;
  • Changes have been made to simplify further support and debugging of LKRG;
  • For testing LKRG, added integration with out-of-tree and mkosi;
  • Moved the project repository from BitBucket to GitHub and added continuous integration using GitHub Actions and mkosi, including checks that LKRG builds and loads on Ubuntu release kernels, as well as on daily builds of the latest mainline kernels provided by the Ubuntu project.

Several developers who were not previously involved in the project contributed directly to this version of LKRG (via pull requests on GitHub). In particular, this is how Boris Lukashev added the ability to build as part of the Linux kernel tree, and Vitaly Chikunov from ALT Linux added integration with mkosi and GitHub Actions.

In general, despite significant additions, the number of lines of LKRG code has been slightly reduced for the second time in a row (previously it also decreased between versions 0.8 and 0.8.1).

At the moment, the LKRG package in Arch Linux has already been updated to version 0.9.0, and a number of other packages use recent git versions of LKRG and are likely to update to version 0.9.0 and beyond soon as well.

Additionally, we can note a recent publication from the developers of Aurora OS (a Russian modification of Sailfish OS) about the possible strengthening of LKRG using ARM TrustZone.

For more information about LKRG, see the announcement of version 0.8 and the discussion that took place then.

Source: opennet.ru