Ihe oru ngo nke Openwall ebipụtala ntọhapụ nke modul kernel LKRG 0.9.2 (Linux Kernel Runtime Guard), emebere iji chọpụta na igbochi mwakpo na mmebi nke iguzosi ike n'ezi ihe nke kernel. Dịka ọmụmaatụ, modul ahụ nwere ike ichebe megide mgbanwe ndị na-enweghị ikike na kernel na-agba ọsọ ma na-anwa ịgbanwe ikike nke usoro onye ọrụ (ịchọpụta iji ihe arụrụ arụ). Modul ahụ dabara ma maka ịhazi nchekwa megide nrigbu nke adịghị ike kernel Linux ama ama (dịka ọmụmaatụ, n'ọnọdụ ebe ọ siri ike imelite kernel na sistemụ), yana maka igbochi nrigbu maka adịghị ike amabeghị. A na-ekesa koodu ọrụ n'okpuru ikikere GPLv2. Ị nwere ike ịgụ banyere atụmatụ nke mmejuputa LKRG na ọkwa mbụ nke ọrụ ahụ.
N'ime mgbanwe ndị dị na ụdị ọhụrụ:
- Enyere ndakọrịta na kernel Linux site na 5.14 ruo 5.16-rc, yana mmelite na kernel LTS 5.4.118+, 4.19.191+ na 4.14.233+.
- Nkwado agbakwunyere maka nhazi CONFIG_SECOMP dị iche iche.
- Nkwado agbakwunyere maka paramita kernel "nolkrg" iji gbanyụọ LKRG n'oge buut.
- Edoziri ezigbo mma n'ihi ọnọdụ agbụrụ mgbe a na-ahazi SECCOMP_FILTER_FLAG_TSYNC.
- Emelitere ikike iji ntọala CONFIG_HAVE_STATIC_CALL na Linux kernels 5.10+ iji gbochie ọnọdụ agbụrụ mgbe ị na-ebugo modul ndị ọzọ.
- A na-echekwa aha modul egbochiri mgbe ị na-eji ntọala lkrg.block_modules=1 n'ime ndekọ.
- Ntinye ntọala sysctl etinyere na faịlụ /etc/sysctl.d/01-lkrg.conf
- Agbakwunyere faịlụ nhazi dkms.conf maka sistemụ DKMS (Dynamic Kernel Module Support) eji wuo modul ndị ọzọ ka emelitere kernel.
- Nkwado emelitere na emelitere maka mmepe mmepe yana usoro ntinye aka na-aga n'ihu.
isi: opennet.ru