Iprojekthi ye-Openwall
Phakathi kotshintsho kwinguqulelo entsha:
- Ikhowudi iye yahlaziywa ukubonelela ngenkxaso kwii-architecture ezahlukeneyo ze-CPU. Inkxaso yokuqala eyongeziweyo yoyilo lwe-ARM64;
- Ukuhambelana kuqinisekiswa nge-Linux kernels 5.1 kunye ne-5.2, kunye neekernel ezakhiwe ngaphandle kokubandakanya iCONFIG_DYNAMIC_DEBUG iinketho xa usakha i-kernel,
CONFIG_ACPI kunye neCONFIG_STACKTRACE, kunye neekernels ezakhiwe ngeCONFIG_STATIC_USERMODEHELPER ukhetho. Inkxaso yovavanyo eyongeziweyo yeenkozo ezivela kwiprojekthi ye-grsecurity; - Ingqiqo yokuqalisa itshintshiwe kakhulu;
- Umhloli wengqibelelo uye waphinda wenza i-self-hashing kwaye yaphelisa imeko yogqatso kwi-injini ye-Jump Label (*_JUMP_LABEL) ebangela ukuba i-deadlock xa iqalwa ngexesha elifanayo njengomthwalo okanye ukukhulula iziganeko zezinye iimodyuli;
- Kwikhowudi yokufumanisa i-exploit, i-sysctl entsha lkrg.smep_panic (ngokungagqibekanga) kunye ne-lkrg.umh_lock (ivaliwe ngokungagqibekanga) yongezwe, iitshekhi ezongezelelweyo ze-SMEP / WP bit zongeziweyo, ingqiqo yokulandelela imisebenzi emitsha kwinkqubo. itshintshiwe, ingqiqo yangaphakathi yongqamaniso kunye nezibonelelo zomsebenzi ziphinde zayilwa, inkxaso eyongeziweyo ye-OverlayFS, ibekwe kuLuhlu olumhlophe lwe-Apport.
umthombo: opennet.ru