|
Message-ID: <20221214164607.GA17088@openwall.com> Date: Wed, 14 Dec 2022 17:46:07 +0100 From: Solar Designer <solar@...nwall.com> To: announce@...ts.openwall.com, lkrg-users@...ts.openwall.com Subject: LKRG 0.9.6 Hi, For those new to Linux Kernel Runtime Guard (LKRG), it is a kernel module that performs runtime integrity checking of the Linux kernel and detection of security vulnerability exploits against the kernel. We've just released LKRG 0.9.6, available on the LKRG project website: https://lkrg.org The following major changes have been made between LKRG 0.9.5 and 0.9.6: *) Support new mainline kernels 6.1-rc*, 6.1, and hopefully beyond *) Support kernels 5.19 and beyond on AArch64 *) Support new RHEL 8.6 update and RHEL 8.7 kernels *) Support new CentOS Stream 9 aka upcoming RHEL 9.2 kernels *) Add a couple of distros' default pathnames to usermodehelper allow list *) Validate tasks' real UIDs/GIDs even when effective ones pass validation (previously, this check was normally bypassed as an optimization) *) Add synchronization logic around sysctl updates and other module (un)loads (previously, some concurrent events of this sort could lead to a crash on attempting to write to our read-only page) *) Test whether kretprobes work correctly at LKRG loading time and re-test periodically (previously, LKRG would only detect disabling of kretprobes after it's loaded, and only indirectly - through kernel code hash changes) *) Set kretprobes' maxactive based on actual number of possible logical CPUs (previously, we used a hard-coded value, which would more likely result in missed hook function invocations on systems with more CPUs) *) Continuous Integration updates, including testing on AArch64 We are lucky that our previous release, LKRG 0.9.5, worked as-is on newer mainline kernels up to 6.0 on x86-64. However, for compatibility with 6.1-rc* and beyond we had to make changes. Also, we found we had overlooked a compatibility issue with 5.19+ on AArch64, now addressed. Overall, the changes this time are not very extensive, although they span a lot of the source files: $ git diff --shortstat v0.9.5..v0.9.6 73 files changed, 352 insertions(+), 207 deletions(-) They are by the following people: $ git shortlog -sn v0.9.5..v0.9.6 9 Solar Designer 4 Adam 'pi3' Zabrocki 2 Vitaly Chikunov 2 Vladimir D. Seleznev 2 redp 1 mrl5 In related news, LKRG is now packaged in Guix and NixOS. Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.