Release of the LKRG 0.7 module for protection against exploitation of vulnerabilities in the Linux kernel.

The Openwall Project has published release 0.7 of the LKRG kernel module (Linux Kernel Runtime Guard), which detects unauthorized changes to the running kernel (integrity checking) and attempts to change the permissions of user processes (detecting the use of exploits). The module is suitable both for protecting against already known exploits for the Linux kernel (for example, in situations where it is difficult to update the kernel on a system) and for countering exploits for vulnerabilities that are not yet known. You can read about the features of LKRG in the project's first announcement.

Among the changes in the new version:

  • The code has been refactored to support different CPU architectures. Initial support for the ARM64 architecture has been added;
  • Compatibility is ensured with Linux kernels 5.1 and 5.2, with kernels built without the CONFIG_DYNAMIC_DEBUG, CONFIG_ACPI and CONFIG_STACKTRACE options, and with kernels built with the CONFIG_STATIC_USERMODEHELPER option. Experimental support has been added for kernels from the grsecurity project;
  • The initialization logic has been changed significantly;
  • In the integrity checker, self-checking has been re-enabled and a race condition in the Jump Label engine (*_JUMP_LABEL) has been eliminated; the race caused a stall when initialization ran at the same time as load or unload events of other modules;
  • In the exploit detection code, new sysctls lkrg.smep_panic (on by default) and lkrg.umh_lock (off by default) have been added, additional checks of the SMEP/WP bit have been added, the logic for tracking new tasks in the system has been changed, the logic for synchronizing with task resources has been reworked, support for OverlayFS has been added, and Ubuntu Apport has been placed on the whitelist.

Source: opennet.ru
