Release of the LKRG 0.7 module for protection against exploitation of vulnerabilities in the Linux kernel.

The Openwall project has published a release of the kernel module LKRG 0.7 (Linux Kernel Runtime Guard), which detects unauthorized changes to the running kernel (integrity checking) and attempts to change the permissions of user processes (exploit detection). The module is suitable both for organizing protection against already known exploits for the Linux kernel (for example, in situations where it is difficult to update the kernel on a system) and for countering exploits for vulnerabilities that are not yet known. You can read about the features of LKRG in the project's first announcement.

Among the changes in the new version:

  • The code has been refactored to provide support for different CPU architectures. Initial support for the ARM64 architecture has been added;
  • Compatibility is ensured with Linux kernels 5.1 and 5.2, with kernels built without the CONFIG_DYNAMIC_DEBUG, CONFIG_ACPI and CONFIG_STACKTRACE options enabled at kernel build time, and with kernels built with the CONFIG_STATIC_USERMODEHELPER option. Experimental support for kernels from the grsecurity project has been added;
  • The initialization logic has been changed significantly;
  • The integrity checker has re-enabled self-hashing and eliminated a race condition in the Jump Label engine (*_JUMP_LABEL) that caused a deadlock when initialization happened at the same time as load or unload events of other modules;
  • In the exploit detection code, the new sysctls lkrg.smep_panic (enabled by default) and lkrg.umh_lock (disabled by default) have been added, additional checks of the SMEP/WP bit have been added, the logic for tracking new tasks in the system has been changed, the internal logic for synchronization with task resources has been redesigned, support for OverlayFS has been added, and Apport has been placed on the whitelist.

Source: opennet.ru