LKRG Module Version 0.7 Released

Linux Kernel Runtime Guard is designed to protect Linux against exploitation of kernel vulnerabilities
23 July 2019

The Openwall project has published release 0.7 of the LKRG kernel module (Linux Kernel Runtime Guard), which detects unauthorized modifications of the running kernel (integrity checking) and attempts to change the credentials of user processes (exploit detection). The module is suitable both for protecting against already known exploits for the Linux kernel (for example, when updating the kernel on a system is problematic) and for countering exploits for still unknown vulnerabilities. More about the features of LKRG can be found in the first announcement of the project.

Among the changes in the new version:

  • The code was refactored to support multiple CPU architectures. Added initial support for the ARM64 architecture;
  • Compatibility with Linux kernels 5.1 and 5.2, as well as with kernels built without the CONFIG_DYNAMIC_DEBUG, CONFIG_ACPI and CONFIG_STACKTRACE options, and with kernels built with CONFIG_STATIC_USERMODEHELPER. Added experimental support for kernels from the grsecurity project;
  • The initialization logic was significantly changed;
  • Self-hashing has been re-enabled in the integrity checking subsystem, and a race condition in the jump label engine (*_JUMP_LABEL) has been eliminated; it led to a deadlock when LKRG initialization coincided with the loading or unloading of other modules;
  • In the exploit detection code, the new sysctls lkrg.smep_panic (enabled by default) and lkrg.umh_lock (disabled by default) were added, additional checks of the SMEP and WP bits were added, the task tracking logic was changed, the internal synchronization logic for task resources was revised, support for OverlayFS was added, and Ubuntu Apport was added to the whitelist.
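
The two sysctls named above are the knobs an administrator will actually touch after installing 0.7, so here is an added example (not LKRG's own code or documentation) of persisting them through sysctl.d and checking the live values. It assumes the key names from the changelog, lkrg.smep_panic and lkrg.umh_lock, that 1 means "on" for both, and that the hardened target is both on; the sample dump fed to the checker is constructed, not captured from a real system.

```sh
#!/bin/sh
# Added example: manage the LKRG 0.7 exploit-detection sysctls.
# Assumes the knob names lkrg.smep_panic and lkrg.umh_lock from the changelog;
# the /etc/sysctl.d path and the "hardened" values are this example's choice.
set -eu

# hardened_value KEY: print the value we want for a managed knob,
# return 1 for keys this example does not manage.
hardened_value() {
    case "$1" in
        lkrg.smep_panic) echo 1 ;;   # panic when SMEP/WP are found cleared (0.7 default is already 1)
        lkrg.umh_lock)   echo 1 ;;   # lock down the usermode helper (0.7 default is 0, opt-in)
        *) return 1 ;;
    esac
}

# write_lkrg_conf DIR: drop an lkrg.conf under DIR (normally /etc/sysctl.d).
# The file only takes effect once the lkrg module is loaded, so load it
# from modules-load.d or re-run `sysctl -p DIR/lkrg.conf` after modprobe.
write_lkrg_conf() {
    dir=$1
    mkdir -p "$dir"
    cat > "$dir/lkrg.conf" <<'EOF'
# LKRG exploit-detection knobs (constructed example, not shipped by LKRG)
lkrg.smep_panic = 1
lkrg.umh_lock = 1
EOF
}

# check_lkrg_state: read "key = value" lines on stdin, the format that
# `sysctl lkrg` prints once the module is loaded, and report every managed
# knob that is not at its hardened value. Prints nothing when all is well.
check_lkrg_state() {
    while IFS=' =' read -r key value; do
        [ -n "$key" ] || continue
        want=$(hardened_value "$key") || continue   # unmanaged knob, skip
        if [ "$value" != "$want" ]; then
            printf 'WEAK %s = %s (expected %s)\n' "$key" "$value" "$want"
        fi
    done
}

# Demo on a constructed dump that mirrors the 0.7 defaults
# (smep_panic on, umh_lock off); on a real box pipe `sysctl lkrg` in instead.
printf 'lkrg.smep_panic = 1\nlkrg.umh_lock = 0\n' | check_lkrg_state
```

Run the checker against `sysctl lkrg` rather than trusting the config file: sysctl.d is applied early at boot, and if the lkrg module is loaded later the file's values are silently never set. Treat lkrg.umh_lock as an opt-in to test first, since restricting the kernel's usermode helper can break things that depend on it, which is presumably why the release leaves it off by default.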

Get more info at Openwall's website.

Linux 5.5 Kernel Released

The new release took two months, incorporates 15505 patches from 1982 developers, and 44% of the changes relate to device drivers
27 January 2020

After two months of development, Linus Torvalds announced the release of the Linux 5.5 kernel. Among the most notable changes: the ability to assign alternative names to network interfaces, the integration of cryptographic functions from the Zinc library, the ability to mirror across more than two disks in Btrfs RAID1, a mechanism for tracking the state of live patches, the KUnit unit testing framework, improved performance of the mac80211 wireless stack, the ability to mount the root partition over the SMB protocol, and type checking in BPF.

The new version incorporates 15505 patches from 1982 developers; the patch is 44 MB in size (the changes touched 11781 files, with 609208 lines of code added and 292520 lines deleted). About 44% of all the changes in 5.5 relate to device drivers, about 18% to updating code specific to hardware architectures, 12% to the network stack, 4% to file systems and 3% to internal kernel subsystems.

As always, the new version brings a significant number of changes and improvements; you can check them in the official announcement on the kernel mailing list.