Openwall project Posted The release of the kernel module lkrg 0.9.2 (Linux Kernel Runtime Guard), designed to detect and block attacks and disorders of the integrity of the kernel structures. For example, the module can protect against unauthorized changes to the working kernel and attempts to change the powers of user processes (determining the use of exploits). The module is suitable for organizing protection against the exploits of the already known vulnerabilities of the Linux kernel (for example, in situations when the system is problematic to update the kernel in the system) and to confront the exploits for still unknown vulnerabilities. Project code extends under the GPLV2 license. The features of LKRG implementation can be found in the first announcement of the project.
Among the changes in the new version:
- compatibility with Linux kernels from 5.14 to 5.16-Rc, as well as with updates LTS-nuclei 5.4.118+, 4.19.191+ and 4.14.233 +.
- Added support for various configurations config_seccomp .
- eliminated false response due to the status of the race when processing Seccomp_filter_flag_tsync.
- The ability to use config_have_static_call setting in Linux 5.10 kernels for blocking the racing states when unloading other modules.
- Added support for the nolkrg kernel parameter to deactivate LKRG at the download stage.
- is preserved in the log of modules blocked when using the lkrg.block_modules = 1 setting.
- SYSTL-settings support is implemented in the /etc/sysctl.d/01-lkrg.conf
- Added DKMS.CONF configuration file for DKMS (Dynamic Kernel Module Support) used to build third-party modules after updating the kernel.
- improved and updated support for debug assemblies and continuous integration systems.
file