Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20200630143210.GA8246@openwall.com>
Date: Tue, 30 Jun 2020 16:32:11 +0200
From: Solar Designer <solar@...nwall.com>
To: Ganime Yalur <ganime1961tire@...il.com>
Cc: lkrg-users@...ts.openwall.com
Subject: Re: config_jump_label Trouble with compiling

Hi all,

Ganime first e-mailed us about this privately.  Unfortunately, Ganime
still has not joined the list, hence the CC on this reply.

On Tue, Jun 30, 2020 at 04:06:10PM +0200, Ganime Yalur wrote:
> > I'm running 5.6.17 kernel without config_jump_label .
> >
> > I'm trying to compile 0.8 lkrg
> >
> > Compiling stops and message spit out:
> > ....lkrg currently requires config_jump_label,but this might change..if
> > you hit this problem, please contact lkrg developers...

We've counted your vote to have this supported.  Thanks.

For now, please enable CONFIG_JUMP_LABEL to use LKRG.

> > Now I'm here, and want edited source files to solve my problem...

It's up to Adam whether and when to implement this support.  He might
make the corresponding git commits soon, not soon, or not at all.

Maybe it was a bad idea to ask people to contact us about this, after
all, as this seems to have created unjustified expectations.

> > Btw my setup running apparmor and firejail.
> >
> > I want activate lockdown integrity in future any troubles found with lkrg?

I'm not familiar with lockdown, but I guess you'd need to have the LKRG
module signed.  No troubles are expected.  Apparently, Mikhail Morfikov
who is here on lkrg-users has such a setup:

https://www.openwall.com/lists/lkrg-users/2020/06/14/8

> > If I  should ain't activate lockdown?

There are no specific guidelines on what other protection mechanisms you
should or should not use along with LKRG.  My advice is that you think
of what threat models are relevant to your use case and use protection
mechanisms that fit those threat models.

> > Don't forget compiling was done without lockdown activate.

LKRG should be built against the kernel build tree that you actually
intend to use.  So if you're going to change kernel build options, you
should preferably (and might have to) rebuild LKRG as well.  If you're
only going to change kernel command-line parameters without rebuilding
the kernel, then you don't need to rebuild LKRG.

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.