|
Message-ID: <CAF6Swt=v9_etMFDoAnPWRMxW4WjBjYdSxn28U4Pp-T30Uwkj9w@mail.gmail.com>
Date: Wed, 1 Jul 2020 00:24:14 +0200
From: Ganime Yalur <ganime1961tire@...il.com>
To: Solar Designer <solar@...nwall.com>
Cc: lkrg-users@...ts.openwall.com
Subject: Re: config_jump_label Trouble with compiling
Thanks for the info.
30 Haz 2020 Sal 16:32 tarihinde Solar Designer <solar@...nwall.com> şunu
yazdı:
> Hi all,
>
> Ganime first e-mailed us about this privately. Unfortunately, Ganime
> still has not joined the list, hence the CC on this reply.
>
> On Tue, Jun 30, 2020 at 04:06:10PM +0200, Ganime Yalur wrote:
> > > I'm running 5.6.17 kernel without config_jump_label .
> > >
> > > I'm trying to compile 0.8 lkrg
> > >
> > > Compiling stops and message spit out:
> > > ....lkrg currently requires config_jump_label,but this might change..if
> > > you hit this problem, please contact lkrg developers...
>
> We've counted your vote to have this supported. Thanks.
>
> For now, please enable CONFIG_JUMP_LABEL to use LKRG.
>
> > > Now I'm here, and want edited source files to solve my problem...
>
> It's up to Adam whether and when to implement this support. He might
> make the corresponding git commits soon, not soon, or not at all.
>
> Maybe it was a bad idea to ask people to contact us about this, after
> all, as this seems to have created unjustified expectations.
>
> > > Btw my setup running apparmor and firejail.
> > >
> > > I want activate lockdown integrity in future any troubles found with
> lkrg?
>
> I'm not familiar with lockdown, but I guess you'd need to have the LKRG
> module signed. No troubles are expected. Apparently, Mikhail Morfikov
> who is here on lkrg-users has such a setup:
>
> https://www.openwall.com/lists/lkrg-users/2020/06/14/8
>
> > > If I should ain't activate lockdown?
>
> There are no specific guidelines on what other protection mechanisms you
> should or should not use along with LKRG. My advice is that you think
> of what threat models are relevant to your use case and use protection
> mechanisms that fit those threat models.
>
> > > Don't forget compiling was done without lockdown activate.
>
> LKRG should be built against the kernel build tree that you actually
> intend to use. So if you're going to change kernel build options, you
> should preferably (and might have to) rebuild LKRG as well. If you're
> only going to change kernel command-line parameters without rebuilding
> the kernel, then you don't need to rebuild LKRG.
>
> Alexander
>
Content of type "text/html" skipped
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.