Le projekthi I-Openwall isandula ukubhengeza ukukhutshwa kwemodyuli ye-kernel ye-LKRG 0.9.4 (I-Linux Kernel Runtime Guard), eyenzelwe ukufumanisa kunye nokuthintela ukuhlaselwa kunye nokuphulwa kwengqibelelo yezakhiwo zekernel.
I-LKRG ipakishwe njenge imodyuli yekernel elayishekayo ezama ukubona utshintsho olungagunyaziswanga kwi-kernel esebenzayo (ukukhangela ingqibelelo) okanye utshintsho kwiimvume zeenkqubo zomsebenzisi (ukubona ubuthathaka).
Ukuhlolwa kwengqibelelo kwenziwa ngokusekelwe kuthelekiso lweehashe ezibaliweyo kwezona ndawo zibalulekileyo zememori kunye nezakhiwo zedatha ye-kernel (IDT (Itheyibhile yeNkcazelo yokuphazamiseka), i-MSR, iitafile zokufowuna kwenkqubo, zonke iinkqubo kunye nemisebenzi, ukuphazamisa abaphathi, uluhlu lweemodyuli ezilayishiwe, imixholo. yecandelo .okubhaliweyo kweminqongo, iimpawu zenkqubo, njl. njl.).
Inkqubo yokuqinisekisa yenziwa isebenze ngamaxesha athile ngokusebenzisa isibali-xesha kwaye xa iziganeko ezahlukeneyo zekernel zisenzeka (umzekelo, xa i-setuid, i-setreuid, ifolokhwe, iphuma, yenza, yenza_init_modyuli, njl njl. iminxeba yesixokelelwano isenziwa).
Malunga neLinux Kernel Runtime Guard
Ukufunyanwa kokusetyenziswa okunokwenzeka kokusetyenziswa kunye nokuthintela ukuhlaselwa kwenziwa kwinqanaba ngaphambi kokuba i-kernel inikeze ukufikelela kwizibonelelo (umzekelo, ngaphambi kokuvula ifayile), kodwa emva kokuba inkqubo inikwe iimvume ezingagunyaziswanga (umzekelo, ukutshintsha i-UID) .
Xa ukuziphatha okungagunyaziswanga kweenkqubo kufunyenwe, kupheliswa ngokunyanzeliswa, okwaneleyo ukuvimba ezininzi zokuxhaphaza. Ekubeni iprojekthi ikwinqanaba lophuhliso kwaye ukulungiswa akukenziwa, iindleko zokusebenza ezipheleleyo zemodyuli zimalunga ne-6.5%, kodwa kwixesha elizayo kucetywa ukunciphisa kakhulu eli nani.
Imodyuli Kufanelekile ukuba ulungiselele ukhuseleko ngokuchasene nezinto esele zaziwa ye Linux kernel malunga nokuxhathisa ubuthathaka obungaziwayo, ukuba abasebenzisi manyathelo akhethekileyo ukujikeleza i-LKRG.
Ababhali ababandakanyi ubukho beempazamo kwikhowudi ye-LKRG kunye neengcamango ezinokuthi zingamanga, ngoko ke, abasebenzisi bayamenywa ukuba bathelekise ingozi yeempazamo ezinokwenzeka kwi-LKRG kunye neenzuzo zendlela yokukhusela ecetywayo.
Kwiimpawu ezintle ze-LKRG, kuphawulwe ukuba indlela yokukhusela yenziwe ngendlela yemodyuli elayishwayo, kwaye kungekhona i-kernel patch, evumela ukuba isetyenziswe kunye neekernel zokusabalalisa rhoqo.
Iimpawu eziphambili ezintsha zeLKRG 0.9.4
Kolu guqulelo lutsha lwemodyuli evezwayo, kuphawulwe ukuba inkxaso eyongeziweyo yenkqubo ye-OpenRC yokuqalisa, kunye nokongeza imiyalelo yokufakela usebenzisa I-DKMS.
Olunye utshintsho olugqamayo kolu guqulelo lutsha kukuba ibonelela ngokuhambelana ne-LTS-kernels ukusuka kwi-Linux 5.15.40+.
Ukongeza koku, kukwagxininiswe ukuba uyilo lwemveliso yomyalezo kwilog luyilwe ngokutsha ukwenza lula uhlalutyo oluzenzekelayo kunye nokuququzelela ukuqonda ngexesha lokuhlalutya ngesandla kunye nokuba imiyalezo ye-LKRG ineendidi zayo zelog, nto leyo eyenza kube lula ukuhlukana nayo. Eminye imiyalezo yekernel.
Kwelinye icala, kuyakhankanywa ukuba itshintshe igama lemodyuli yekernel ukusuka kwi-p_lkrg ukuya kwi-lkrg kwaye inguqulo endala ye-LKRG 0.9.3 isasebenza kwiinguqulelo zekernel ezintsha (5.19-rc* ukuza kuthi ga ngoku). Nangona kunjalo, ukuhambelana kwexesha elide kunye neKernels 5.15.40+, akunjalo utshintsho oluthile olwenziwe kwi-version 0.9.4 kufuneka lusetyenziswe.
Kukwakhankanyiwe ukuba ezinye iinguqu ziyaqwalaselwa ezinxulumene (kodwa mhlawumbi zahlukile) ukubandakanywa kwi-LKRG yokuzikhusela, umzekelo, uqwalaselo lwexesha lokubaleka kwiphepha lememori eligcinwa lifundwa kuphela ixesha elininzi, phakathi kolunye uphuculo.
Gqibela ukuba unomdla wokwazi okungakumbi ngayo, ungazijonga iinkcukacha kwi ukulandela ikhonkco.
Ngokukodwa, imodyuli ivavanyiwe ngeRHEL kernel, OpenVZ/Virtuozzo kunye noBuntu. Kwixesha elizayo kuyakwenzeka ukuququzelela inkqubo yokwakha ngokuhambelana kokubini kwizabelo ezahlukeneyo ezidumileyo.