Openwall Project kernel module tso tawm (Linux Kernel Runtime Guard), uas ua kom paub tseeb tias qhov kev hloov pauv tsis raug tso cai rau cov ntsiav tshuaj khiav (kev kuaj xyuas kev ncaj ncees) lossis sim hloov cov kev tso cai ntawm cov neeg siv cov txheej txheem (nrhiav kev siv ntawm kev siv dag zog). Lub module yog haum rau ob qho tib si rau kev txhim kho kev tiv thaiv uas twb paub exploits rau lub Linux ntsiav (piv txwv li, nyob rau hauv cov xwm txheej uas nws yog ib qho nyuaj rau hloov tshiab kernel nyob rau hauv lub system), thiab rau countering exploits rau tseem tsis tau paub qhov tsis zoo. Koj tuaj yeem nyeem txog cov yam ntxwv ntawm LKRG hauv .
Ntawm cov kev hloov nyob rau hauv lub tshiab version:
- Cov cai tau raug refactored los muab kev txhawb nqa rau ntau yam CPU architectures. Ntxiv kev txhawb nqa thawj zaug rau ARM64 architecture;
- Kev sib raug zoo tau lees paub nrog Linux kernels 5.1 thiab 5.2, nrog rau cov ntsiav tsim tsis suav nrog CONFIG_DYNAMIC_DEBUG cov kev xaiv thaum tsim lub kernel,
CONFIG_ACPI thiab CONFIG_STACKTRACE, thiab nrog cov kernels tsim nrog CONFIG_STATIC_USERMODEHELPER kev xaiv. Ntxiv kev sim txhawb rau cov kernels los ntawm txoj haujlwm grsecurity; - Lub logic pib tau hloov pauv loj heev;
- Tus neeg saib xyuas kev ncaj ncees tau rov ua kom nws tus kheej-hashing thiab kho qhov kev sib tw hauv Jump Label engine (*_JUMP_LABEL) uas ua rau muaj kev tsis sib haum xeeb thaum pib ua haujlwm tib lub sijhawm thaum thauj lossis tshem tawm cov xwm txheej ntawm lwm cov modules;
- Hauv kev tshawb nrhiav kev siv code, tshiab sysctl lkrg.smep_panic (ntawm lub neej ntawd) thiab lkrg.umh_lock (tawm los ntawm lub neej ntawd) tau ntxiv, cov kev kuaj xyuas ntxiv rau SMEP / WP ntsis tau ntxiv, cov laj thawj rau kev taug qab cov haujlwm tshiab hauv lub kaw lus tau raug hloov lawm, lub logic sab hauv ntawm synchronization nrog cov peev txheej ua haujlwm tau raug kho dua tshiab, ntxiv kev txhawb nqa rau OverlayFS, muab tso rau hauv Ubuntu Apport whitelist.
Tau qhov twg los: opennet.ru