The Openwall project has published the release of the LKRG 0.9.2 (Linux Kernel Runtime Guard) kernel module, designed to detect and block attacks and violations of the integrity of kernel structures. For example, the module can protect against unauthorized changes to the running kernel and against attempts to change the permissions of user processes (detecting the use of exploits). The module is suitable both for organizing protection against already known exploits for Linux kernel vulnerabilities (for example, in situations where it is difficult to update the kernel on a system) and for countering exploits for as yet unknown vulnerabilities. The project code is distributed under the GPLv2 license. You can read about the implementation details of LKRG in the first announcement of the project.
Among the changes in the new version:
- Compatibility is provided with Linux kernels from 5.14 to 5.16-rc, as well as with updates of the LTS kernels 5.4.118+, 4.19.191+ and 4.14.233+.
- Added support for various CONFIG_SECCOMP configurations.
- Added support for the "nolkrg" kernel parameter to deactivate LKRG at boot time.
- Fixed a false positive caused by a race condition when processing SECCOMP_FILTER_FLAG_TSYNC.
- Improved the ability to use the CONFIG_HAVE_STATIC_CALL setting on Linux kernels 5.10+ to block race conditions when unloading other modules.
- The names of modules blocked when using the lkrg.block_modules=1 setting are now saved in the log.
- Implemented placement of sysctl settings in the file /etc/sysctl.d/01-lkrg.conf.
- Added a dkms.conf configuration file for the DKMS (Dynamic Kernel Module Support) system, which is used to build third-party modules after a kernel update.
- Improved and updated support for development builds and continuous integration systems.
Source: opennet.ru