Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20200630143210.GA8246@openwall.com>
Date: Tue, 30 Jun 2020 16:32:11 +0200
From: Solar Designer <solar@...nwall.com>
To: Ganime Yalur <ganime1961tire@...il.com>
Cc: lkrg-users@...ts.openwall.com
Subject: Re: config_jump_label Trouble with compiling

Hi all,

Ganime first e-mailed us about this privately.  Unfortunately, Ganime
still has not joined the list, hence the CC on this reply.

On Tue, Jun 30, 2020 at 04:06:10PM +0200, Ganime Yalur wrote:
> > I'm running 5.6.17 kernel without config_jump_label .
> >
> > I'm trying to compile 0.8 lkrg
> >
> > Compiling stops and message spit out:
> > ....lkrg currently requires config_jump_label,but this might change..if
> > you hit this problem, please contact lkrg developers...

We've counted your vote to have this supported.  Thanks.

For now, please enable CONFIG_JUMP_LABEL to use LKRG.

> > Now I'm here, and want edited source files to solve my problem...

It's up to Adam whether and when to implement this support.  He might
make the corresponding git commits soon, not soon, or not at all.

Maybe it was a bad idea to ask people to contact us about this, after
all, as this seems to have created unjustified expectations.

> > Btw my setup running apparmor and firejail.
> >
> > I want activate lockdown integrity in future any troubles found with lkrg?

I'm not familiar with lockdown, but I guess you'd need to have the LKRG
module signed.  No troubles are expected.  Apparently, Mikhail Morfikov
who is here on lkrg-users has such a setup:

https://www.openwall.com/lists/lkrg-users/2020/06/14/8

> > If I  should ain't activate lockdown?

There are no specific guidelines on what other protection mechanisms you
should or should not use along with LKRG.  My advice is that you think
of what threat models are relevant to your use case and use protection
mechanisms that fit those threat models.

> > Don't forget compiling was done without lockdown activate.

LKRG should be built against the kernel build tree that you actually
intend to use.  So if you're going to change kernel build options, you
should preferably (and might have to) rebuild LKRG as well.  If you're
only going to change kernel command-line parameters without rebuilding
the kernel, then you don't need to rebuild LKRG.

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.