Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20200708154143.GA9175@openwall.com>
Date: Wed, 8 Jul 2020 17:41:43 +0200
From: Solar Designer <solar@...nwall.com>
To: announce@...ts.openwall.com, lkrg-users@...ts.openwall.com
Subject: [openwall-announce] LKRG 0.8.1

Hi,

For those new to LKRG, it is a kernel module that performs runtime
integrity checking of the Linux kernel and detection of security
vulnerability exploits against the kernel.  We've recently announced
LKRG 0.8 with its many changes and providing a lot of detail here:

https://www.openwall.com/lists/announce/2020/06/25/1

LKRG 0.8.1 is a bug fix release, now available at the usual location:

https://www.openwall.com/lkrg/

The following major changes have been made between LKRG 0.8 and 0.8.1:

*) Drop init_module() and delete_module() syscall hooks, which were no longer
   justified now that we hook capable() yet contained a nasty bug (first
   reported by Jason A. Donenfeld) allowing a user to trigger an Oops (read via
   a near-NULL pointer) on 64-bit Linux 4.17+
*) Update CONCEPTS to note the risk of running with untested kernel versions
*) Update PERFORMANCE to refer to Phoronix article and raw results on 0.8

LKRG became a bit smaller this time:

$ diff -urN lkrg-0.8 lkrg-0.8.1 | diffstat | tail -1
 17 files changed, 45 insertions(+), 638 deletions(-)

We recommend all users of LKRG on Linux 4.17 or newer on x86_64 or arm64
to update to LKRG 0.8.1 (or eventually newer).

Here's a lengthy message I posted yesterday on the bug that Jason A.
Donenfeld reported and we've fixed with this release:

https://www.openwall.com/lists/lkrg-users/2020/07/07/4

This talks about bug impact, origin, and detail, and includes a reminder
to users and lessons to learn for developers.

In other news, Michael Larabel of Phoronix ran different benchmarks of
LKRG 0.8 than he and us had run against LKRG before.  These include as
many as 119 tests now (up from 58).  The corresponding article and raw
results are available here:

https://www.phoronix.com/scan.php?page=article&item=lkrg-08-linux&num=1
https://openbenchmarking.org/result/2006277-NE-LKRG08BEN46

Once again, we found most of the results reasonable, but were surprised
by some, which we've started looking into.  Unfortunately, automated
analytics of the raw results above show inconsistent geometric means in
two places (a bug, which Michael acknowledged), so we cannot easily and
confidently state LKRG's overall performance impact as seen there, but
the individual test results are usable.

As usual, we welcome any feedback on lkrg-users.

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.