Message-ID: <20200609214622.GA1785@pi3.com.pl>
Date: Tue, 9 Jun 2020 23:46:22 +0200
From: Adam Zabrocki <pi3@....com.pl>
To: lkrg-users@...ts.openwall.com
Subject: ISRA optimized functions

Hi,

I've just pushed new changes to LKRG to better support non-standard kernels
which are more likely to have ISRA-optimized functions. Additionally, I've
added more "relax" rules for initialization since not all hooks are critical
from LKRG's perspective. If some of the hooks can't be placed and are not
critical, initialization is not halted. However, an appropriate message is
printed.

Summary of the changes:

[1] Change initialization logic for exploit detection module:
    - Not all hooks are fatal. If for any reason a non-fatal hook can't be
      placed, continue initialization and print an appropriate message
    - If a hook is fatal, stop initialization

[2] Add support for ISRA optimized functions:
    - Some of the functions might be optimized by ISRA. However, some of the
      hooks can still be functional even under ISRA optimized functions.

ISRA optimized function example:

[ 5639.107779] [p_lkrg] Loading LKRG...
[ 5639.123862] Freezing user space processes ... (elapsed 0.001 seconds) done.
[ 5639.125747] OOM killer disabled.
[ 5639.126327] [p_lkrg] 7/23 UMH paths were whitelisted...
[ 5647.021663] [p_lkrg] [kretprobe] register_kretprobe() for <ttwu_do_wakeup> failed! [err=-22]
[ 5647.021761] [p_lkrg] Trying to find ISRA name for <ttwu_do_wakeup>
[ 5647.023761] [p_lkrg] Found ISRA version of function <ttwu_do_wakeup.isra.0>
[ 5647.227805] [p_lkrg] ISRA version was found and hook was planted at <ttwu_do_wakeup.isra.0>
[ 5648.053144] [p_lkrg] LKRG initialized successfully!
[ 5648.053211] OOM killer enabled.
[ 5648.053211] Restarting tasks ... done.

Thanks,
Adam

--
pi3 (pi3ki31ny) - pi3 (at) itsec pl
http://pi3.com.pl
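The fallback visible in the log above, as an added user-space example that is not LKRG's code: a failed hook on the plain name is retried against a `<name>.isra.<N>` symbol, and a miss only stops initialization when the hook is fatal. Assumptions: the symbol list is a constructed sample in /proc/kallsyms layout, a failed register_kretprobe() is modelled as the name being absent from that list, and `lookup_symbol`, `place_hook`, `allow_isra` and `fatal` are hypothetical names.

```c
#include <stdio.h>
#include <string.h>
/* Constructed sample in /proc/kallsyms layout: "address type name". */
static const char SAMPLE_KALLSYMS[] =
    "ffffffff810a1000 t ttwu_do_wakeup.isra.0\n"
    "ffffffff810a1400 t ttwu_do_wakeup_extra\n"
    "ffffffff810b2000 T wake_up_new_task\n";

enum hook_result { HOOK_OK, HOOK_OK_ISRA, HOOK_SKIPPED, HOOK_FATAL };

/* Match `want` exactly, or (isra != 0) only as "<want>.isra.<digits>". */
static int lookup_symbol(const char *syms, const char *want, int isra,
                         char *out, size_t outlen)
{
    size_t n = strlen(want);
    for (const char *p = syms; *p; p += strcspn(p, "\n"), p += (*p == '\n')) {
        const char *s1 = strpbrk(p, " \n");
        const char *s2 = (s1 && *s1 == ' ') ? strpbrk(s1 + 1, " \n") : NULL;
        if (!s2 || *s2 != ' ') continue;          /* fewer than three columns */
        const char *name = s2 + 1;
        size_t len = strcspn(name, " \t\n");      /* stop before "[module]" */
        if (len < n || strncmp(name, want, n) != 0) continue;
        const char *rest = name + n;
        if (isra) {
            if (len < n + 7 || strncmp(rest, ".isra.", 6) != 0) continue;
            rest += 6 + strspn(rest + 6, "0123456789");
        }
        if (rest != name + len) continue;         /* trailing characters */
        return snprintf(out, outlen, "%.*s", (int)len, name) >= 0;
    }
    return 0;
}

/* Hypothetical policy: allow_isra = hook works on an ISRA clone; fatal = stop init. */
static enum hook_result place_hook(const char *syms, const char *fn, int allow_isra,
                                   int fatal, char *target, size_t len)
{
    if (lookup_symbol(syms, fn, 0, target, len)) return HOOK_OK;
    if (allow_isra && lookup_symbol(syms, fn, 1, target, len)) return HOOK_OK_ISRA;
    target[0] = '\0';
    return fatal ? HOOK_FATAL : HOOK_SKIPPED;     /* non-fatal: log and continue */
}

int main(void)
{
    char t[128];
    printf("%d <%s>\n", place_hook(SAMPLE_KALLSYMS, "ttwu_do_wakeup", 1, 0, t, sizeof t), t);
    return 0;
}
```

The suffix check is strict on purpose: `ttwu_do_wakeup_extra` shares the prefix but is a different function, so it is never accepted as the ISRA variant.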