Openwall Project
N'ime mgbanwe ndị dị na ụdị ọhụrụ:
- Emegharịrị koodu ahụ iji nye nkwado maka ụlọ ọrụ CPU dị iche iche. agbakwunyere nkwado mbụ maka ihe owuwu ARM64;
- A na-ahụta ndakọrịta na Linux kernels 5.1 na 5.2, yana kernels wuru na-etinyeghị nhọrọ CONFIG_DYNAMIC_DEBUG mgbe ị na-ewu kernel,
CONFIG_ACPI na CONFIG_STACKTRACE, yana kernels arụnyere na nhọrọ CONFIG_STATIC_USERMODEHELPER. Nkwado nnwale agbakwunyere maka kernels sitere na oru ngo grsecurity; - Agbanwewo mgbagha mmalite mmalite nke ukwuu;
- Onye na-enyocha iguzosi ike n'ezi ihe enwetaghachila onwe ya ma kpochapụ ọnọdụ agbụrụ na injin Jump Label (*_JUMP_LABEL) nke na-akpata igbu oge mgbe ị na-amalite n'otu oge ka ibu ma ọ bụ budata mmemme nke modulu ndị ọzọ;
- N'ime koodu nchọpụta irigbu, agbakwunyere sysctl lkrg.smep_panic ọhụrụ (na ndabara) na lkrg.umh_lock (gbanyụọ na ndabara), agbakwunyere nlele ndị ọzọ maka SMEP/WP bit, mgbagha maka nsuso ọrụ ọhụrụ na sistemụ. agbanweela, emezigharịrị mgbagha nke imekọrịta mmekọrịta yana akụrụngwa ọrụ, agbakwunyere nkwado maka OverlayFS, etinyere na Ubuntu Apport whitelist.
isi: opennet.ru