The Openwall project has released version 0.9.2 of the LKRG (Linux Kernel Runtime Guard) kernel module, which is designed to detect and block attacks and violations of the integrity of kernel structures. For example, the module can protect against unauthorized changes to the running kernel and against attempts to change the permissions of user processes (detecting the use of exploits). The module is suitable both for protecting against exploits for already known Linux kernel vulnerabilities (for example, in situations where updating the kernel on the system is difficult) and for countering exploits for vulnerabilities that are not yet known. The project code is distributed under the GPLv2 license. Details of the LKRG implementation can be found in the project's first announcement.
Among the changes in the new version:
- Compatibility is ensured with Linux kernels from 5.14 through 5.16-rc, as well as with updates to the LTS kernels 5.4.118+, 4.19.191+ and 4.14.233+.
- Added support for various CONFIG_SECCOMP configurations.
- Added support for the "nolkrg" kernel parameter to disable LKRG at boot time.
- Fixed a false positive caused by a race condition when processing SECCOMP_FILTER_FLAG_TSYNC.
- Improved the ability to use the CONFIG_HAVE_STATIC_CALL setting in Linux 5.10+ kernels to block race conditions when unloading other modules.
- The names of modules blocked when using the lkrg.block_modules=1 setting are now saved in the log.
- Implemented placement of sysctl settings in the file /etc/sysctl.d/01-lkrg.conf
- Added a dkms.conf configuration file for the DKMS (Dynamic Kernel Module Support) system, which is used to build third-party modules after a kernel update.
- Improved and updated support for development builds and continuous integration systems.
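Because this release adds a boot parameter that switches LKRG off and moves its sysctl settings into a file, a host audit can check both. The following is an added example, not code from the LKRG project; the function names and the sample command line and file contents are constructed for illustration, and the parser assumes the usual sysctl.d syntax.

```python
from pathlib import Path

# Constructed sample inputs (not taken from a real host).
SAMPLE_CMDLINE = "BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro quiet nolkrg"
SAMPLE_CONF = "# constructed sample\nlkrg.block_modules = 0\n"

def nolkrg_on_cmdline(cmdline: str) -> bool:
    """True only if 'nolkrg' is a standalone boot parameter, not a substring."""
    return "nolkrg" in cmdline.split()

def parse_sysctl_conf(text: str) -> dict:
    """Parse sysctl.d syntax: 'key = value', '#' or ';' comments, optional '-' prefix.
    A later assignment of the same key overrides an earlier one."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        key, sep, value = line.lstrip("-").partition("=")
        if sep:
            settings[key.strip()] = value.strip()
    return settings

def audit_lkrg(cmdline: str, conf_text: str) -> list:
    """Return findings about LKRG being disabled or module blocking not configured."""
    findings = []
    if nolkrg_on_cmdline(cmdline):
        findings.append("nolkrg is on the kernel command line: LKRG disabled at boot")
    settings = parse_sysctl_conf(conf_text)
    if settings.get("lkrg.block_modules") != "1":
        findings.append("lkrg.block_modules=1 is not set in the sysctl file")
    return findings

if __name__ == "__main__":
    # On a live host, read the real sources; fall back to the constructed samples.
    cmdline_path = Path("/proc/cmdline")
    conf_path = Path("/etc/sysctl.d/01-lkrg.conf")
    cmdline = cmdline_path.read_text() if cmdline_path.exists() else SAMPLE_CMDLINE
    conf = conf_path.read_text() if conf_path.exists() else SAMPLE_CONF
    for finding in audit_lkrg(cmdline, conf):
        print("FINDING:", finding)
```
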
Source: opennet.ru
