Openwall Project
Pakati pekuchinja mushanduro itsva:
- Iyo kodhi yakagadziridzwa kuti ipe rutsigiro rweakasiyana eCPU zvivakwa. Yakawedzera rutsigiro rwekutanga rweArM64 architecture;
- Kuenderana kunovimbiswa neLinux kernels 5.1 uye 5.2, pamwe nemakernels akavakirwa pasina kusanganisira iyo CONFIG_DYNAMIC_DEBUG sarudzo pakuvaka kernel,
CONFIG_ACPI uye CONFIG_STACKTRACE, uye ine kernels yakavakwa neCONFIG_STATIC_USERMODEHELPER sarudzo. Yakawedzera tsigiro yekuyedza yekernels kubva kugrsecurity purojekiti; - Iyo yekutanga logic yakashandurwa zvakanyanya;
- Mucherechedzo wekuvimbika wakagonesazve kuzvi-hashing uye wakagadzirisa mamiriro emujaho muJump Label injini (*_JUMP_LABEL) iyo inokonzeresa kumisa kana ikatanga panguva imwe chete yekuremedza kana kuburitsa zviitiko zvemamwe ma module.
- Mune kodhi yekuona yekushandiswa, nyowani sysctl lkrg.smep_panic (on by default) uye lkrg.umh_lock (off by default) yawedzerwa, mamwe macheki eSMEP/WP bit akawedzerwa, pfungwa yekutevera mabasa matsva muhurongwa. yakashandurwa, iyo yemukati logic yekuwiriranisa neyebasa zviwanikwa yakagadziridzwa, yakawedzerwa rutsigiro rweOverlayFS, yakaiswa muUbuntu Apport whitelist.
Source: opennet.ru