Openwall project Posted The release of the kernel module lkrg 0.9.0 (Linux Kernel Runtime Guard), designed to identify and block attacks and disorders of the integrity of the kernel structures. For example, the module can protect against unauthorized changes to the working core and attempts to change the powers of user processes (determination of the use of exploits). The module is suitable for organizing the protection against exploits of the already known vulnerabilities of the Linux kernel (for example, in situations when the system is problematic to update the kernel in the system) and to confront the exploits for still unknown vulnerabilities. Project code spreads under the GPLV2 license.
Among the changes in the new version:
- compatibility with Linux kernels from 5.8 to 5.12, as well as with stable nuclei 5.4.87 and newer (including innovations from nuclei 5.8 and newer) and with nuclei from versions of Rhel up to 8.4, with support for support and all previously supported versions cores such as kernels from Rhel 7;
- Added the ability to build LKRG not only as an external module, but also in the Linux kernel tree, including its inclusion in the kernel image;
- Added support for many additional kernel configurations and systems;
- fixed several essential errors and flaws in LKRG;
- The implementation of some LKRG components is significantly simplified;
- changed to simplify further support and debugging LKRG;
- for LKRG testing, added integration with Out-of-Tree and mkosi ;
- project repository moved from Bitbucket on GitHub and added continuous integration using Github Actions and MKOSI, including checking and loading and loading LKRG into Ubuntu release kernel, as well as Ubuntu-provided daily assemblies of the freshest mainline-nuclei.
This version of the LKRG direct contribution (through Pull Requests on Github) has made several developers who have previously not participated in the project. In particular, so Boris Lukashev was Added The possibility of assembly as part of the Linux kernel tree, and Vitaly Chikunov from Alt Linux – integration with MKOSI and GitHub Actions.
In general, despite substantial additions, the number of LKRG code lines is slightly reduced by the second time in a row (previously it also decreased between versions of 0.8 and 0.8.1).
At the moment, the package with LKRG in Arch Linux has already been updated to version 0.9.0, and a row Other packages are used by the recent Git versions of LKRG and, probably, will also be updated to version 0.9.0 and further.
Additionally, you can mark the recent Publication from Aurora OS developers (Russian modification of Sailfish OS) about possible strengthening LKRG with ARM TrustZone.
More about LKRG, see the announcement of version 0.8 and the discussion then held.