LKRG, module yakagadzirirwa kuona nekudzivirira kurwiswa uye kutyorwa muLinux Kernel

Iyo purojekiti Openwall yakaburitsa iyo LKRG 0.8 kernel module kuburitswa (Linux Kernel Runtime Guard), yakagadzirirwa kuona nekudzivirira kurwisa y kutyorwa kwekuvimbika kwezvivakwa zvepakati.

The module inokodzera zvese pakuronga dziviriro kubva kune zvinozivikanwa zvinoitwa yeLinux kernel (semuenzaniso, mumamiriro ezvinhu apo kugadzirisa kernel pane system kunonetsa), sekushora kunoshandiswa kwekusaziva kusaziva.

Chii chitsva LKRG 0.8?

Mune iyi vhezheni itsva kumiswa kweprojekti yeLKRG kwachinjwa, chii kuawa haina kukamurwa kuita zvikamu zvakasiyana kuongorora kutendeseka uye kuona kushandiswa kwezviito, asi inoiswa sechigadzirwa chakazara kuona kurwiswa uye kutyorwa kwakasiyana kwekuvimbika;

Nezve kuenderana, kweshanduro iyi nyowani, tinogona kuona kuti inoenderana neLinux kernels kubva 5.3 kusvika 5.7pamwe chete nemeso akaunganidzwa ane hukasha GCC optimizations, pasina sarudzo CONFIG_USB uye CONFIG_STACKTRACE kana nesarudzo CONFIG_UNWINDER_ORCpamwe neguyo uko pasina mabasa akabatwa neLKRG kana uchikwanisa kuita pasina.

Kuwedzera kune iyo rutsigiro rwekuyedza rwe32-bit ARM mapuratifomu (yakaedzwa paRaspberry Pi 3 Model B), nepo kutsigirwa kwekutanga kunowanikwa kweAArch64 (ARM64) inozadzikiswa nekuenderana neRaspberry Pi 4.

Ukuwo, hoko itsva dzave kuwedzerwa, iyo inosanganisira "hokore ()" yekufonera inobata zvirinani kuona kusagadzikana kunoshandiswa ne "kugona", pane kugadzirisa zvitupa.

Pane x86-64 masystem, iyo SMAP bit inotariswa uye yoiswa (Kudzivirirwa kwekuwana mumaneja mode), dyakagadzirirwa kuvhara kupinda kune data mune mushandisi nzvimbo kubva kune yakasarudzika kodhi yakaitwa padanho rekernel. SMEP (Supervisor Mode Kuuraya Kudzivirira) kuchengetedzwa kwakaitwa kare.

Zvave zvakadaro kuwedzerwa kusagadzikana kwedanho rekutevera dhatabhesi: Panzvimbo yemuti mumwe chete weRB unodzivirirwa nespinlock, tafura yehash yemiti 512 RB inosanganisirwa, inodzivirirwa ne512 kuverenga nekunyora makiyi, zvichiteerana;

A default mode inoitwa uye inogoneswa, umo kutarisisa kwekutendeseka kwezviratidzo Kugadziriswa kunowanzoitwa chete kune iro razvino basa, uye zvakare nesarudzo yezvakakonzera mabasa (muka) Kune mamwe mabasa ari mune yakamiswa nyika kana iyo inoshanda isina iyo LKRG-inodzorwa kernel API kufona, kuongororwa kunoitwa kushoma kazhinji.

Kuwedzera kune iyo systemd unit faira rakagadzirwazve kurodha module yeLKRG padanho rekutanga kurodha (iyo kernel yekuraira mutsara sarudzo inogona kushandiswa kudzima module);

Munguva yekusanganisa, mamwe emanyorerwo CONFIG_ * kernel marongero akaongororwa kuti abudise mameseji ekukanganisa pane kudzikamisa zvikanganiso.

Yeimwe shanduko inomira mushanduro iyi nyowani:

  • Wakawedzera rutsigiro rweStandby (ACPI S3, Suspend ku RAM) uye Suspend (S4, Suspend kuDisk) modes.
  • Wakawedzera rutsigiro rweDKMS mune Makefile.
  • Pfungwa nyowani inokurudzirwa kuona kuyedza kubuda mumazita ezvinzvimbo (semuenzaniso, kubva mumidziyo yeDocker)
  • Mukuita, iyo LKRG kumisikidzwa inoiswa pane peji rendangariro, kazhinji kuverenga-chete.
  • Izvo zvinoburitswa kumatanda eruzivo ayo anogona kuve anonyanya kubatsira pakurwisa (semuenzaniso, kero ruzivo mune kernel) inogumirwa ne debug mode (log_level = 4 uye yepamusoro), iyo yakaremara nekutadza.
  • Nyowani sysctl uye module parameter zvakawedzerwa kurongedza LKRG, pamwe neese sysctl yekureruka kumisikidza nekusarudza kubva mumaprofiles akagadzirwa nevakagadziri.
  • Iyo yekumisikidza marongero anochinjwa kuti uwane yakaenzana yakaenzana pakati pekumhanyisa kwekutyorwa kwekuona uye kugona kwekuita, kune rumwe rutivi, uye kukanganisa kune kugadzirwa uye njodzi yezvakanaka zvenhema pane imwe.
  • Zvinoenderana ne optimizations inotsanangurwa mushanduro nyowani, mashandiro anoderera paunenge uchishandisa LKRG 0.8 inofungidzirwa pa2.5% mune yakasarudzika modhi ("inorema") uye 2% munzira yechiedza ("mwenje").

Kana iwe uchida kuziva zvakawanda nezvazvo, unogona kubvunza ruzivo pano. 


Iva wekutanga kutaura

Siya yako yekutaura

Your kero e havazobvumirwi ichibudiswa. Raida minda anozivikanwa ne *

*

*

  1. Inotarisira data: AB Internet Networks 2008 SL
  2. Chinangwa cheiyo data: Kudzora SPAM, manejimendi manejimendi.
  3. Legitimation: Kubvuma kwako
  4. Kutaurirana kwedata
  5. Dhata yekuchengetedza: Dhatabhesi inobatwa neOccentus Networks (EU)
  6. Kodzero: Panguva ipi neipi iwe unogona kudzora, kupora uye kudzima ruzivo rwako