Release of the LKRG 0.9.2 module for protection against exploitation of vulnerabilities in the Linux kernel.

The Openwall project has published release 0.9.2 of the LKRG (Linux Kernel Runtime Guard) kernel module, designed to detect and block attacks and violations of the integrity of kernel structures. For example, the module can protect against unauthorized changes to the running kernel and against attempts to change the permissions of user processes (detecting the use of exploits). The module is suitable both for organizing protection against already known Linux kernel vulnerabilities (for example, in situations where it is difficult to update the kernel on a system) and for countering exploits for vulnerabilities that are not yet known. The project code is distributed under the GPLv2 license. You can read about the features of the LKRG implementation in the project's first announcement.

Among the changes in the new version:

  • Compatibility is provided with Linux kernels from 5.14 to 5.16-rc, as well as with updates to the LTS kernels 5.4.118+, 4.19.191+ and 4.14.233+.
  • Added support for the various CONFIG_SECCOMP configurations.
  • Added support for the "nolkrg" kernel parameter, which disables LKRG at boot time.
  • Fixed a false positive caused by a race condition when processing SECCOMP_FILTER_FLAG_TSYNC.
  • Improved the ability to use the CONFIG_HAVE_STATIC_CALL setting in Linux kernels 5.10+ to block race conditions when other modules are unloaded.
  • The names of modules blocked when the lkrg.block_modules=1 setting is in use are now saved in the log.
  • The sysctl settings are now placed in the file /etc/sysctl.d/01-lkrg.conf.
  • Added a dkms.conf configuration file for DKMS (Dynamic Kernel Module Support), which is used to build third-party modules after a kernel update.
  • Improved and updated support for development builds and continuous integration systems.
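
An added example, not code from the LKRG project: a small audit script for two of the settings listed above, the "nolkrg" boot parameter and lkrg.block_modules in /etc/sysctl.d/01-lkrg.conf. The function names are hypothetical, and the script assumes the drop-in file uses ordinary sysctl.d "key = value" syntax.

```sh
#!/bin/sh
# Added example: audit two LKRG settings named in the 0.9.2 release notes.
# Paths default to the live system; pass constructed files to try it out.

# Exit 0 if the kernel command line in file $1 carries the stand-alone
# "nolkrg" parameter (LKRG disabled at boot), 1 if not, 2 if unreadable.
cmdline_has_nolkrg() {
    [ -r "$1" ] || return 2
    grep -Eq '(^|[[:space:]])nolkrg([[:space:]]|$)' "$1"
}

# Print the last value assigned to sysctl key $2 in sysctl.d file $1.
# Comment lines (# or ;) are skipped; a later assignment wins.
sysctl_conf_value() {
    [ -r "$1" ] || return 2
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            sub(/^[ \t]*-?/, "", k); sub(/[ \t]+$/, "", k)
            sub(/^[ \t]+/, "", v);   sub(/[ \t]+$/, "", v)
            if (k == key) { val = v; found = 1 }
        }
        END { if (!found) exit 1; print val }
    ' "$1"
}

# Report on both settings; returns 1 when LKRG is switched off at boot.
lkrg_audit() {
    rc=0
    if cmdline_has_nolkrg "$1"; then
        echo "FINDING: 'nolkrg' in $1, LKRG is disabled at boot"
        rc=1
    fi
    bm=$(sysctl_conf_value "$2" lkrg.block_modules) || bm=unset
    if [ "$bm" = "1" ]; then
        echo "OK: lkrg.block_modules=1, blocked module names go to the log"
    else
        echo "NOTE: lkrg.block_modules is '$bm' in $2"
    fi
    return "$rc"
}

lkrg_audit "${1:-/proc/cmdline}" "${2:-/etc/sysctl.d/01-lkrg.conf}" || true
```
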

Source: opennet.ru
