Mashruuca Openwall wuxuu daabacay siideynta moduleka kernel LKRG 0.9.2 (Linux Kernel Runtime Guard), oo loogu talagalay in lagu ogaado lagana hortago weerarrada iyo xadgudubyada sharafta qaab-dhismeedka kernel-ka. Tusaale ahaan, cutubku wuxuu ka ilaalin karaa isbeddellada aan la oggolayn ee kernel-ka socda iyo isku dayga lagu beddelayo oggolaanshaha hababka adeegsadaha (ogaanshaha isticmaalka ka faa'iidaysiga). Module-ku wuxuu ku habboon yahay labadaba abaabulka ilaalinta ka-faa'iidaysiga dayacanka kernel-ka Linux ee hore loo yaqaan (tusaale ahaan, xaaladaha ay adag tahay in la cusboonaysiiyo kernel-ka nidaamka), iyo ka-hortagga ka faa'iidaysiga dayacanka aan weli la garanayn. Xeerka mashruuca waxa lagu qaybiyaa shatiga GPLv2. Waxaad ka akhriyi kartaa sifooyinka hirgelinta LKRG marka ugu horeysa ee lagu dhawaaqo mashruuca.
Waxaa ka mid ah isbeddelada nooca cusub:
- Waafaqid waxaa la siiyaa kernels Linux min 5.14 ilaa 5.16-rc, iyo sidoo kale cusboonaysiinta kernels LTS 5.4.118+, 4.19.191+ iyo 4.14.233+.
- Taageero lagu daray isku xidhka CONFIG_SECOMP ee kala duwan.
- Taageero lagu daray "nolkrg" kernel parameter si loo damiyo LKRG wakhtiga bootinta
- Go'an been been abuur ah sababtoo ah xaalad jinsiyadeed marka la farsameynayo SECCOMP_FILTER_FLAG_TSYNC.
- La hagaajiyay awoodda isticmaalka CONFIG_HAVE_STATIC_CALL dejinta Linux kernels 5.10+ si loo joojiyo xaaladaha jinsiyadda marka la dejinayo qaybo kale.
- Magacyada cutubyada la xannibay marka la isticmaalayo lkrg.block_modules=1 dejinta ayaa lagu kaydiyaa log.
- Meelaynta sysctl ee la fuliyay ee faylka /etc/sysctl.d/01-lkrg.conf
- Lagu darey faylka qaabeynta dkms.conf ee nidaamka DKMS (Taageerada Module Kernel Dynamic Kernel) ee loo isticmaalo in lagu dhiso cutubyada qolo saddexaad kadib cusboonaysiinta kernel-ka.
- Taageerada la wanaajiyay oo la cusboonaysiiyay ee dhismooyinka horumarinta iyo nidaamyada is-dhexgalka joogtada ah.
Source: opennet.ru