LKRG 0.9.4 arrives with support for OpenRC, Linux 5.15.40+ and more

The Openwall project recently announced the release of the LKRG 0.9.4 kernel module (Linux Kernel Runtime Guard), designed to detect and block attacks and violations of the integrity of kernel structures.

LKRG is packaged as a loadable kernel module that tries to detect unauthorized changes to the running kernel (integrity checking) or changes to the permissions of user processes (exploit detection).

Integrity checking is based on comparing hashes computed for the most important memory areas and kernel data structures (IDT (Interrupt Descriptor Table), MSR, system call tables, all procedures and functions, interrupt handlers, lists of loaded modules, the contents of the .text section of modules, process attributes, etc.).

The verification procedure is triggered periodically by a timer and also when various kernel events occur (for example, when the setuid, setreuid, fork, exit, execve, do_init_module, etc. system calls are executed).

About Linux Kernel Runtime Guard

Detection of possible exploit use and blocking of attacks take place at the stage before the kernel grants access to resources (for example, before a file is opened), but after the process has obtained unauthorized permissions (for example, a changed UID).

When unauthorized process behavior is detected, the processes are forcibly terminated, which is enough to block many exploits. Since the project is still in development and optimizations have not yet been made, the overall overhead of the module is approximately 6.5%, but there are plans to reduce this figure significantly in the future.
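A userspace model of the two checks described above (hash comparison against a baseline, and credential validation before resource access), added here as an illustration; it is not LKRG source code. The struct and function names are hypothetical, the sample table and UIDs are constructed, and FNV-1a stands in for the hash, which the page does not name.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed model, not LKRG code: a task's live uid and the guard's shadow copy. */
struct task { unsigned uid; int killed; };
struct guard { uint64_t region_hash; unsigned shadow_uid; };

/* FNV-1a is an assumption standing in for the hash LKRG actually uses. */
static uint64_t fnv1a(const void *p, size_t n) {
    const unsigned char *b = p;
    uint64_t h = 1469598103934665603ULL;
    while (n--) { h ^= *b++; h *= 1099511628211ULL; }
    return h;
}

/* Baseline: hash the protected region and record the task's credentials. */
void guard_init(struct guard *g, const void *region, size_t n, const struct task *t) {
    g->region_hash = fnv1a(region, n);
    g->shadow_uid = t->uid;
}

/* Integrity check (run on a timer or kernel event): 1 if the region still matches. */
int guard_check_integrity(const struct guard *g, const void *region, size_t n) {
    return fnv1a(region, n) == g->region_hash;
}

/* Legitimate credential change goes through the hooked path, so the shadow follows. */
void hooked_setuid(struct guard *g, struct task *t, unsigned uid) {
    t->uid = uid;
    g->shadow_uid = uid;
}

/* Hook before resource access: a uid that changed without passing through
 * hooked_setuid() is unauthorized, so the task is terminated. Returns 1 if allowed. */
int hooked_open(const struct guard *g, struct task *t) {
    if (t->uid != g->shadow_uid) { t->killed = 1; return 0; }
    return 1;
}

int main(void) {
    unsigned long table[4] = {0x1000, 0x2000, 0x3000, 0x4000}; /* constructed table */
    struct task t = { 1000, 0 }; struct guard g;
    guard_init(&g, table, sizeof table, &t);
    table[2] = 0xdead;   /* simulated unauthorized change to the hashed region */
    t.uid = 0;           /* simulated credential change outside the hooked path */
    printf("integrity ok: %d\n", guard_check_integrity(&g, table, sizeof table));
    printf("open allowed: %d\n", hooked_open(&g, &t));
    return 0;
}
```

The model shows why the check sits before resource access: the altered uid is only caught at `hooked_open()`, after the change but before anything is done with it.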

The module is suitable both for organizing protection against already known exploits for the Linux kernel and for countering exploits that are not yet known, provided they do not use special measures to bypass LKRG.

The authors do not rule out bugs in the LKRG code or possible false positives, so users are invited to weigh the risk of possible bugs in LKRG against the benefits of the proposed protection method.

Among the positive properties of LKRG, it is noted that the protection mechanism is implemented as a loadable module rather than a kernel patch, which allows it to be used with regular distribution kernels.

Main new features of LKRG 0.9.4

In this new version of the module, support for the OpenRC init system has been added, along with installation instructions using DKMS.

Another change in this new version is that it provides compatibility with LTS kernels from Linux 5.15.40+.

In addition, the format of the messages written to the log has been redesigned to simplify automated analysis and to make the messages easier to understand during manual analysis. LKRG messages now have their own log categories, which makes them easier to separate from other kernel messages.

It is also mentioned that the kernel module has been renamed from p_lkrg to lkrg, and that the old version, LKRG 0.9.3, still works on the newest kernel versions (5.19-rc* so far). However, for long-term compatibility with 5.15.40+ kernels, some of the changes made in version 0.9.4 are required.

It is also mentioned that some related (but probably separate) changes are being considered for inclusion in LKRG's self-protection, for example keeping its runtime configuration in a memory page that is read-only most of the time, along with other improvements.

Finally, if you are interested in learning more about it, you can check the details at the following link.

In particular, the module has been tested with the RHEL, OpenVZ/Virtuozzo and Ubuntu kernels. In the future it may be possible to organize a build process with binary builds for different distributions.

