{
  "id": 583,
  "date": "2018-02-09T06:14:22",
  "date_gmt": "2018-02-09T05:14:22",
  "guid": {"rendered": "http:\/\/blog.pi3.com.pl\/?p=583"},
  "modified": "2018-02-09T06:14:22",
  "modified_gmt": "2018-02-09T05:14:22",
  "slug": "lkrg-0-1",
  "status": "publish",
  "type": "post",
  "link": "https:\/\/blog.pi3.com.pl\/?p=583",
  "title": {"rendered": "LKRG 0.1"},
  "content": {
    "rendered": "<p>LKRG 0.1 was just released:<\/p>\n<p><a href=\"http:\/\/www.openwall.com\/lkrg\/\" rel=\"noopener\" target=\"_blank\">http:\/\/www.openwall.com\/lkrg\/<\/a><\/p>\n<p>The change log is as follows:<\/p>\n<!--more-->\n<ul>\n<li>Support RHEL 7.4 kernels<\/li>\n<li>Make the new compiler (gcc 7.3+) happy<\/li>\n<li>Improve the Makefile<\/li>\n<li>Improve Exploit Detection performance and harden the 'off' flag<\/li>\n<li>Add support for kernel 4.15<\/li>\n<li>Use the GPLv2 LICENSE<\/li>\n<li>Add INSTALL, CHANGELOG and PATREONS files<\/li>\n<li>Move the SELinux integrity check to the workqueue<\/li>\n<li>Fix how *_JUMP_LABEL is handled when a 0xCC byte is injected<\/li>\n<\/ul>\n<p>My main priorities for the v.next release are:<\/p>\n<ul>\n<li>There is a very nasty corner case in memory when *_JUMP_LABEL is in the middle of modifying an instruction. At that moment the instruction may be only partially patched, and an integrity verification that runs during this window might fail (a false positive). I will work on handling this transient *_JUMP_LABEL state and fix it.<\/li>\n<li>Add a new sysctl option to the communication channel that allows the administrator to disable the \"randomness\" of when the kernel integrity check is fired. Currently, the kernel integrity check is triggered both by a timer and on random events in the system. The details can be found here:\n<p><a href=\"http:\/\/openwall.info\/wiki\/p_lkrg\/Main#When-is-the-LKRG-validation-routine-executed\" rel=\"noopener\" target=\"_blank\">http:\/\/openwall.info\/wiki\/p_lkrg\/Main#When-is-the-LKRG-validation-routine-executed<\/a><\/p>\n<p>If an administrator wants to reduce the performance impact LKRG may introduce, they would be able to completely disable \"random event\" kernel-integrity enforcement. Obviously, this will have an impact on the security guarantees LKRG makes.<\/p><\/li>\n<li>The Linux kernel may inject a usermode helper into a workqueue thread, which then executes a user-mode binary (the kernel injects a routine into a kernel thread, and that routine executes the user-mode binary). In a very specific corner case this can cause false positives in the Exploit Detection module. I will try to research this problem and fix it in the next release.<\/li>\n<\/ul>\n<p>Best regards,<br \/>\nAdam<\/p>\n",
    "protected": false
  },
  "excerpt": {
    "rendered": "<p>LKRG 0.1 was just released: http:\/\/www.openwall.com\/lkrg\/ The change log is as follows:<\/p>\n",
    "protected": false
  },
  "author": 1,
  "featured_media": 0,
  "comment_status": "open",
  "ping_status": "open",
  "sticky": false,
  "template": "",
  "format": "standard",
  "categories": [5, 6, 7],
  "tags": [],
  "class_list": ["post-583", "post", "type-post", "status-publish", "format-standard", "hentry", "category-exploiting", "category-ideas", "category-lkrg"]
}