LKRG, a module designed to detect and block attacks and integrity violations in the Linux kernel

The Openwall project has released LKRG 0.8 (Linux Kernel Runtime Guard), a kernel module designed to detect and block attacks and violations of the integrity of kernel structures.

The module is suitable both for organizing protection against already known exploits for the Linux kernel (for example, in situations where updating the kernel on a system is problematic) and for countering exploits for vulnerabilities that are not yet known.

What's new in LKRG 0.8?

In this new version the positioning of the LKRG project has changed: it is no longer divided into separate subsystems for verifying integrity and for detecting the use of exploits, but is presented as a complete product for detecting attacks and various integrity violations.

Regarding compatibility, this new version works with Linux kernels from 5.3 to 5.7, as well as with kernels built with aggressive GCC optimizations, without the CONFIG_USB and CONFIG_STACKTRACE options or with the CONFIG_UNWINDER_ORC option, and also with kernels that lack some of the functions LKRG hooks, where it can do without them.

In addition, experimental support has been added for 32-bit ARM platforms (tested on a Raspberry Pi 3 Model B), while the previously available support for AArch64 (ARM64) has been extended with compatibility with the Raspberry Pi 4.

New hooks have also been added, including a handler for the capable() call, to better detect exploits that manipulate "capabilities" rather than process identifiers.

On x86-64 systems, the SMAP bit (Supervisor Mode Access Prevention) is checked and enforced; it is designed to block access to user-space data from privileged code running at the kernel level. SMEP (Supervisor Mode Execution Prevention) protection was implemented earlier.

The scalability of the process-tracking database has been increased.

A mode has been implemented and enabled by default in which the integrity of process credentials is validated frequently only for the current task, and optionally also for tasks that are being woken up. For other tasks that are in a suspended state, or that run without calling a kernel API controlled by LKRG, validation is performed less frequently.
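The capability-check hook and the two validation frequencies described above, as an added example that is not LKRG's code: a simplified userspace C model in which a guard keeps a shadow copy of each task's credentials. The shadow-copy design and all names (guard_track, guard_validate, hooked_capable, guard_sweep) are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified userspace model, not LKRG code; all names are hypothetical. */
#define CAP_SYS_ADMIN_BIT (1ULL << 21)  /* CAP_SYS_ADMIN is capability 21 */
struct task   { int pid; unsigned uid; uint64_t cap_eff; };
struct shadow { unsigned uid; uint64_t cap_eff; };  /* guard's trusted copy */

/* Record credentials at a legitimate change point (fork, exec, setuid). */
static void guard_track(struct shadow *s, const struct task *t) {
    s->uid = t->uid;
    s->cap_eff = t->cap_eff;
}
/* 0 if live credentials match the shadow; check_caps=0 is an ID-only check. */
static int guard_validate(const struct shadow *s, const struct task *t, int check_caps) {
    if (t->uid != s->uid) return 1;
    return check_caps && t->cap_eff != s->cap_eff;
}
/* Hooked capable(): validate the current task, then answer the query.
 * Returns 1 = granted, 0 = denied, -1 = integrity violation. */
static int hooked_capable(const struct shadow *s, const struct task *cur,
                          uint64_t cap, int check_caps) {
    if (guard_validate(s, cur, check_caps)) return -1;
    return (cur->cap_eff & cap) ? 1 : 0;
}
/* Infrequent sweep over all tracked tasks, including sleeping ones that
 * never reach a hook. Returns the number of mismatches. */
static int guard_sweep(const struct shadow *s, const struct task *t, int n) {
    int bad = 0;
    for (int i = 0; i < n; i++) bad += guard_validate(&s[i], &t[i], 1);
    return bad;
}
/* Constructed scenario: task 0 runs, task 1 sleeps; both capability sets
 * are altered in memory while uid stays 1000. */
static int demo(int check_caps, int *sweep_hits) {
    struct task t[2] = { {100, 1000, 0}, {101, 1000, 0} };
    struct shadow s[2];
    guard_track(&s[0], &t[0]);
    guard_track(&s[1], &t[1]);
    t[0].cap_eff |= CAP_SYS_ADMIN_BIT;  /* simulated corruption */
    t[1].cap_eff |= CAP_SYS_ADMIN_BIT;
    *sweep_hits = guard_sweep(s, t, 2);
    return hooked_capable(&s[0], &t[0], CAP_SYS_ADMIN_BIT, check_caps);
}

int main(void) {
    int hits, id_only = demo(0, &hits), cap_aware = demo(1, &hits);
    printf("ID-only: %d, capability-aware: %d, sweep hits: %d\n", id_only, cap_aware, hits);
    return 0;
}
```

In this model the ID-only check grants the request because the uid never changed, the capability-aware hook flags the running task at its next call, and the sleeping task is found only by the less frequent sweep.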

In addition, the systemd unit file has been redesigned to load the LKRG module at an early stage of boot (a kernel command-line option can be used to disable it).

During compilation, some of the kernel's CONFIG_* settings are checked so that meaningful error messages are produced instead of obscure failures.

Other notable changes in this new version:

  • Added support for the Standby (ACPI S3, Suspend to RAM) and Suspend (S4, Suspend to Disk) modes.
  • Added DKMS support to the Makefile.
  • New logic has been introduced to detect attempts to escape namespace restrictions (for example, from Docker containers).
  • During operation, the LKRG configuration is placed on a memory page that is normally read-only.
  • Output to the logs of information that could be useful for attacks (for example, address information in the kernel) is limited to debug mode (log_level = 4 and above), which is disabled by default.
  • New sysctl and module parameters have been added for tuning LKRG, as well as two sysctls for simplified configuration by choosing from profiles prepared by the developers.
  • The default settings have been changed to strike a better balance between the speed of violation detection and the effectiveness of the response, on the one hand, and the impact on performance and the risk of false positives on the other.
  • Thanks to the optimizations introduced in the new version, the performance reduction when using LKRG 0.8 is estimated at 2.5% in the default mode ("heavy") and 2% in the light mode ("light").

If you want to know more about it, you can consult the details here.

