Txoj haujlwm Openwall tau tshaj tawm qhov kev tso tawm ntawm cov ntsiav module LKRG 0.9.2 (Linux Kernel Runtime Guard), tsim los xyuas thiab thaiv kev tawm tsam thiab kev ua txhaum ntawm kev ncaj ncees ntawm cov qauv kernel. Piv txwv li, lub module tuaj yeem tiv thaiv cov kev hloov pauv tsis tau tso cai rau cov kernel khiav thiab sim hloov cov kev tso cai ntawm cov neeg siv cov txheej txheem (nrhiav kev siv cov exploits). Lub module yog haum rau ob qho tib si rau kev txhim kho kev tiv thaiv ntawm exploits ntawm twb paub Linux kernel vulnerabilities (piv txwv li, nyob rau hauv cov xwm txheej uas nws yog ib qho nyuaj rau hloov tshiab kernel nyob rau hauv lub system), thiab rau countering exploits rau tseem tsis tau paub qhov tsis zoo. Txoj haujlwm code raug faib raws li daim ntawv tso cai GPLv2. Koj tuaj yeem nyeem txog cov yam ntxwv ntawm kev siv LKRG hauv thawj qhov kev tshaj tawm ntawm qhov project.
Ntawm cov kev hloov nyob rau hauv lub tshiab version:
- Kev sib raug zoo yog muab nrog Linux kernels los ntawm 5.14 txog 5.16-rc, nrog rau kev hloov tshiab rau LTS kernels 5.4.118+, 4.19.191+ thiab 4.14.233+.
- Ntxiv kev txhawb nqa rau ntau yam CONFIG_SECOMP kev teeb tsa.
- Ntxiv kev txhawb nqa rau "nolkrg" kernel parameter rau deactivate LKRG thaum lub sijhawm khau raj.
- Kho qhov tsis raug zoo vim muaj kev sib tw thaum ua SECOMP_FILTER_FLAG_TSYNC.
- Txhim kho lub peev xwm los siv CONFIG_HAVE_STATIC_CALL teeb tsa hauv Linux kernels 5.10+ los thaiv cov haiv neeg thaum tshem tawm lwm cov qauv.
- Cov npe ntawm cov modules thaiv thaum siv lkrg.block_modules=1 teeb tsa tau raug cawm hauv lub cav.
- Kev siv qhov chaw ntawm sysctl nqis hauv cov ntaub ntawv /etc/sysctl.d/01-lkrg.conf
- Ntxiv dkms.conf configuration file rau DKMS (Dynamic Kernel Module Support) system siv los tsim cov neeg thib peb modules tom qab hloov tshiab kernel.
- Txhim kho thiab hloov kho kev txhawb nqa rau kev tsim kho thiab kev sib koom ua ke txuas ntxiv.
Tau qhov twg los: opennet.ru