What do you think, does/did anyone use it? I got interested in the topic after the recent conversation between the z3s crew and pi3.
Admittedly I used grsec successfully in the past, but as everyone knows that ended and unfortunately it went commercial. Given that LKRG is a relatively fresh project, is it worth attention? (I mainly mean the overhead and performance aspects of such a solution.)
BTW, great conversation, I recommend listening to the whole thing to those who haven't yet. There's a bit about Windows (the guy wrote a sizeable chunk of the Windows kernel on the security side), there's also a bit about Nvidia and the Linux kernel, which, incidentally, he tears to shreds when it comes to security :)
Last edited by hi (2020-06-01 16:54:23)
Linux? A kernel is a kernel, but look at the result...
Do you have a link somewhere to that conversation between the z3s crew and pi3 you mentioned?
Grsec didn't just go commercial like that; they got seriously pissed off when Google started "borrowing" their solutions while breaking the GPL2 license.
Cheers
Last edited by Jacekalex (2020-06-01 17:06:45)
Thanks for the link.
LRNG doesn't interest me for now; KSPP and AA are enough for me (despite all their terrible flaws). :P
Cheers
Last edited by Jacekalex (2020-06-01 19:06:15)
Maybe I'll take a look, it's just annoying that they don't have a kernel patch and you need a separate module... xD
Maybe it will land in Debian soon:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=944476
Last edited by morfik (2020-06-01 20:14:00)
This LRNG is from 2018; it apparently doesn't get along with the current kernel or current gcc or glibc:
* Package: app-antivirus/lkrg-0.7
* Repository: pentoo
* Maintainer: proxy-maint@gentoo.org
* USE: abi_x86_64 amd64 elibc_glibc kernel_linux userland_GNU
* FEATURES: network-sandbox preserve-libs sandbox selinux sesandbox splitdebug userpriv usersandbox
* Determining the location of the kernel source code
* Found kernel source directory:
* /usr/src/linux
* Found sources for kernel version:
* 5.7.0-g1
* Checking for suitable kernel configuration options...
[ ok ]
ln: failed to create symbolic link 'Module.symvers': File exists
* Preparing p_lkrg module
make -C /usr/src/linux M=/var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7 clean
make[1]: Entering directory '/home/fabryka/kernel/src64/linux-5.7.0-gentoo'
make -C /usr/src/linux M=/var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7 modules
make[1]: Entering directory '/home/fabryka/kernel/src64/linux-5.7.0-gentoo'
ERROR: Kernel configuration is invalid.
include/generated/autoconf.h or include/config/auto.conf are missing.
Run 'make oldconfig && make prepare' on kernel src to fix it.
make[1]: *** [Makefile:707: include/config/auto.conf] Error 1
make[1]: Leaving directory '/home/fabryka/kernel/src64/linux-5.7.0-gentoo'
make: *** [Makefile:91: all] Error 2
make: *** Waiting for unfinished jobs....
CLEAN /var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/Module.symvers
make[1]: Leaving directory '/home/fabryka/kernel/src64/linux-5.7.0-gentoo'
rm -f Module.markers modules.order
rm -f /var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/kmod/client/kmod/Module.markers
rm -f /var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/kmod/client/kmod/modules.order
rm -f -rf output
* ERROR: app-antivirus/lkrg-0.7::pentoo failed (compile phase):
* emake failed
*
* If you need support, post the output of `emerge --info '=app-antivirus/lkrg-0.7::pentoo'`,
* the complete build log and the output of `emerge -pqv '=app-antivirus/lkrg-0.7::pentoo'`.
* The complete build log is located at '/var/log/portage/buildlogs/app-antivirus:lkrg-0.7:20200601-181727.log'.
* For convenience, a symlink to the build log is located at '/var/tmp/portage/app-antivirus/lkrg-0.7/temp/build.log'.
* The ebuild environment file is located at '/var/tmp/portage/app-antivirus/lkrg-0.7/temp/environment'.
* Working directory: '/var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7'
* S: '/var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7'
And this is what it looks like when compiling by hand:
# G1 Gentuś ### pon cze 01 20:30:05 domek : /var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7
# root ~> make
make -C /lib/modules/5.7.0-g1/build M=/var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7 modules
make[1]: Entering directory '/home/fabryka/kernel/src64/linux-5.7.0-gentoo'
CC [M] /var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/ksyms/p_resolve_ksym.o
CC [M] /var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/hashing/p_lkrg_fast_hash.o
/var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/hashing/p_lkrg_fast_hash.c: In function ‘p_lkrg_fast_hash’:
/var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/hashing/p_lkrg_fast_hash.c:31:13: note: byref variable will be forcibly initialized
31 | uint64_t p_tmp = 0x0;
| ^~~~~
CC [M] /var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/comm_channel/p_comm_channel.o
CC [M] /var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/integrity_timer/p_integrity_timer.o
/var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/integrity_timer/p_integrity_timer.c: In function ‘p_check_integrity’:
/var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/integrity_timer/p_integrity_timer.c:156:23: note: byref variable will be forcibly initialized
156 | p_module_kobj_mem *p_module_kobj_tmp = NULL;
| ^~~~~~~~~~~~~~~~~
/var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/integrity_timer/p_integrity_timer.c:155:23: note: byref variable will be forcibly initialized
155 | p_module_list_mem *p_module_list_tmp = NULL;
| ^~~~~~~~~~~~~~~~~
/var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/integrity_timer/p_integrity_timer.c:154:17: note: byref variable will be forcibly initialized
154 | unsigned int p_module_kobj_nr_tmp; // Count by walk through the list first
| ^~~~~~~~~~~~~~~~~~~~
/var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/integrity_timer/p_integrity_timer.c:153:17: note: byref variable will be forcibly initialized
153 | unsigned int p_module_list_nr_tmp; // Count by walk through the list first
| ^~~~~~~~~~~~~~~~~~~~
/var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/integrity_timer/p_integrity_timer.c:151:15: note: byref variable will be forcibly initialized
151 | p_cpu_info p_tmp_cpu_info;
| ^~~~~~~~~~~~~~
CC [M] /var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/kmod/p_kmod.o
CC [M] /var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/database/CPU.o
CC [M] /var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/database/arch/x86/p_x86_metadata.o
/var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/database/arch/x86/p_x86_metadata.c: In function ‘p_dump_x86_metadata’:
/var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/database/arch/x86/p_x86_metadata.c:84:18: note: byref variable will be forcibly initialized
84 | unsigned char p_idtr[0xA];
| ^~~~~~
CC [M] /var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/database/arch/x86/p_switch_idt/p_switch_idt.o
CC [M] /var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/database/arch/arm64/p_arm64_metadata.o
CC [M] /var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/database/arch/p_arch_metadata.o
CC [M] /var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/database/JUMP_LABEL/p_arch_jump_label_transform/p_arch_jump_label_transform.o
CC [M] /var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/database/p_database.o
CC [M] /var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/notifiers/p_notifiers.o
CC [M] /var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/self-defense/hiding/p_hiding.o
CC [M] /var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/exploit_detection/p_rb_ed_trees/p_rb_ed_pids/p_rb_ed_pids_tree.o
CC [M] /var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/exploit_detection/syscalls/p_sys_execve/p_sys_execve.o
CC [M] /var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/exploit_detection/syscalls/p_sys_execveat/p_sys_execveat.o
CC [M] /var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/exploit_detection/syscalls/p_call_usermodehelper/p_call_usermodehelper.o
CC [M] /var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/exploit_detection/syscalls/p_call_usermodehelper_exec/p_call_usermodehelper_exec.o
CC [M] /var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/exploit_detection/syscalls/p_do_exit/p_do_exit.o
CC [M] /var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/exploit_detection/syscalls/p_wake_up_new_task/p_wake_up_new_task.o
CC [M] /var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/exploit_detection/syscalls/p_sys_setuid/p_sys_setuid.o
CC [M] /var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/exploit_detection/syscalls/p_sys_setreuid/p_sys_setreuid.o
CC [M] /var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/exploit_detection/syscalls/p_sys_setresuid/p_sys_setresuid.o
CC [M] /var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/exploit_detection/syscalls/p_sys_setfsuid/p_sys_setfsuid.o
CC [M] /var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/exploit_detection/syscalls/p_sys_setgid/p_sys_setgid.o
CC [M] /var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/exploit_detection/syscalls/p_sys_setregid/p_sys_setregid.o
CC [M] /var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/exploit_detection/syscalls/p_sys_setresgid/p_sys_setresgid.o
CC [M] /var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/exploit_detection/syscalls/p_sys_setfsgid/p_sys_setfsgid.o
CC [M] /var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/exploit_detection/syscalls/p_set_current_groups/p_set_current_groups.o
CC [M] /var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/exploit_detection/syscalls/p_do_init_module/p_do_init_module.o
CC [M] /var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/exploit_detection/syscalls/p_sys_finit_module/p_sys_finit_module.o
CC [M] /var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/exploit_detection/syscalls/p_sys_delete_module/p_sys_delete_module.o
CC [M] /var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/exploit_detection/syscalls/p_generic_permission/p_generic_permission.o
CC [M] /var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/exploit_detection/syscalls/p_sel_write_enforce/p_sel_write_enforce.o
CC [M] /var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/exploit_detection/syscalls/p_seccomp/p_seccomp.o
CC [M] /var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/exploit_detection/syscalls/p_sys_unshare/p_sys_unshare.o
CC [M] /var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/exploit_detection/syscalls/p_userns_install/p_userns_install.o
CC [M] /var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/exploit_detection/syscalls/caps/p_sys_capset/p_sys_capset.o
CC [M] /var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/exploit_detection/syscalls/caps/p_cap_task_prctl/p_cap_task_prctl.o
CC [M] /var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/exploit_detection/syscalls/keyring/p_key_change_session_keyring/p_key_change_session_keyring.o
CC [M] /var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/exploit_detection/syscalls/keyring/p_sys_add_key/p_sys_add_key.o
CC [M] /var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/exploit_detection/syscalls/keyring/p_sys_request_key/p_sys_request_key.o
CC [M] /var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/exploit_detection/syscalls/keyring/p_sys_keyctl/p_sys_keyctl.o
CC [M] /var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/exploit_detection/syscalls/p_sys_ptrace/p_sys_ptrace.o
CC [M] /var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/exploit_detection/syscalls/compat/p_compat_sys_execve/p_compat_sys_execve.o
CC [M] /var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/exploit_detection/syscalls/compat/p_compat_sys_execveat/p_compat_sys_execveat.o
CC [M] /var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/exploit_detection/syscalls/compat/p_compat_sys_keyctl/p_compat_sys_keyctl.o
CC [M] /var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/exploit_detection/syscalls/compat/p_compat_sys_ptrace/p_compat_sys_ptrace.o
CC [M] /var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/exploit_detection/syscalls/compat/p_compat_sys_delete_module/p_compat_sys_delete_module.o
CC [M] /var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/exploit_detection/syscalls/compat/p_compat_sys_capset/p_compat_sys_capset.o
CC [M] /var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/exploit_detection/syscalls/compat/p_compat_sys_add_key/p_compat_sys_add_key.o
CC [M] /var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/exploit_detection/syscalls/compat/p_compat_sys_request_key/p_compat_sys_request_key.o
CC [M] /var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/exploit_detection/syscalls/__x32/p_x32_sys_execve/p_x32_sys_execve.o
CC [M] /var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/exploit_detection/syscalls/__x32/p_x32_sys_execveat/p_x32_sys_execveat.o
CC [M] /var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/exploit_detection/syscalls/__x32/p_x32_sys_keyctl/p_x32_sys_keyctl.o
CC [M] /var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/exploit_detection/syscalls/__x32/p_x32_sys_ptrace/p_x32_sys_ptrace.o
CC [M] /var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/exploit_detection/syscalls/override/p_override_creds/p_override_creds.o
CC [M] /var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/exploit_detection/syscalls/override/p_revert_creds/p_revert_creds.o
CC [M] /var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/exploit_detection/syscalls/override/overlayfs/p_ovl_create_or_link/p_ovl_create_or_link.o
CC [M] /var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/exploit_detection/syscalls/pCFI/p_mark_inode_dirty/p_mark_inode_dirty.o
CC [M] /var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/exploit_detection/syscalls/pCFI/p_schedule/p_schedule.o
CC [M] /var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/exploit_detection/syscalls/pCFI/p___queue_work/p___queue_work.o
CC [M] /var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/exploit_detection/syscalls/pCFI/p_lookup_fast/p_lookup_fast.o
CC [M] /var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/exploit_detection/p_exploit_detection.o
/var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/exploit_detection/p_exploit_detection.c: In function ‘p_check_if_file_exists’:
/var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/exploit_detection/p_exploit_detection.c:86:16: note: byref variable will be forcibly initialized
86 | struct path p_path;
| ^~~~~~
/var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/exploit_detection/p_exploit_detection.c: In function ‘p_ed_enforce_pcfi’:
/var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/exploit_detection/p_exploit_detection.c:949:9: note: byref variable will be forcibly initialized
949 | char p_sym1[KSYM_SYMBOL_LEN];
| ^~~~~~
/var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/modules/exploit_detection/p_exploit_detection.c:944:23: note: byref variable will be forcibly initialized
944 | struct stack_frame p_frame;
| ^~~~~~~
CC [M] /var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/src/p_lkrg_main.o
LD [M] /var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/p_lkrg.o
MODPOST 1 modules
ERROR: modpost: "kallsyms_on_each_symbol" [/var/tmp/portage/app-antivirus/lkrg-0.7/work/lkrg-0.7/p_lkrg.ko] undefined!
make[2]: *** [scripts/Makefile.modpost:94: __modpost] Error 1
make[1]: *** [Makefile:1646: modules] Error 2
make[1]: Leaving directory '/home/fabryka/kernel/src64/linux-5.7.0-gentoo'
make: *** [Makefile:91: all] Error 2
And that's about it.
Last edited by Jacekalex (2020-06-01 20:32:41)
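The two failures in the post above come down to the state of the kernel tree the module was built against: the ebuild run stopped because /usr/src/linux pointed at a tree with no include/config/auto.conf (never configured and prepared), and the manual build compiled everything but died in modpost because kallsyms_on_each_symbol is not listed in that tree's Module.symvers (the 5.7 kernel no longer exports it, which is what the later lkrg-users thread is about). The shell script below is an added example, not part of LKRG or of the Gentoo ebuild: it checks both conditions, plus any CONFIG_ options you name, before running `make`. The tree it creates under mktemp is constructed for the demo and only mimics a prepared 5.7 tree; its CRC values are made up.

```shell
#!/bin/sh
# Pre-flight check for building an out-of-tree module (here LKRG) against a kernel tree.
# Added example; not part of LKRG or of the Gentoo ebuild. Assumes the standard Kbuild
# layout: $KDIR/include/config/auto.conf, $KDIR/.config and $KDIR/Module.symvers.

# 0 if the tree has been configured and prepared. This is exactly what the ebuild run
# above lacked ("include/config/auto.conf ... missing").
kbuild_prepared() {
    [ -f "$1/include/config/auto.conf" ] && [ -f "$1/include/generated/autoconf.h" ]
}

# 0 if option $2 (e.g. CONFIG_KPROBES) is =y or =m in $1/.config; 2 if there is no .config.
kconfig_enabled() {
    [ -f "$1/.config" ] || return 2
    grep -q "^$2=[ym]\$" "$1/.config"
}

# 0 if symbol $2 is exported (EXPORT_SYMBOL / EXPORT_SYMBOL_GPL) by the kernel in $1.
# Module.symvers is tab separated: <crc> <symbol> <module> <export type> [<namespace>].
# A symbol missing here is what makes modpost report "... undefined!" as in the log above.
kernel_exports() {
    [ -f "$1/Module.symvers" ] || return 2
    awk -v s="$2" '$2 == s { found = 1 } END { exit !found }' "$1/Module.symvers"
}

# Run every check for one tree; print each problem; return 0 only if nothing is missing.
# usage: check_tree /lib/modules/$(uname -r)/build CONFIG_KPROBES kallsyms_on_each_symbol
check_tree() {
    kdir=$1; shift; rc=0
    if ! kbuild_prepared "$kdir"; then
        echo "not prepared: run 'make oldconfig && make prepare' in $kdir"; rc=1
    fi
    for item in "$@"; do
        case $item in
            CONFIG_*) kconfig_enabled "$kdir" "$item" || { echo "option off: $item"; rc=1; } ;;
            *)        kernel_exports  "$kdir" "$item" || { echo "not exported: $item"; rc=1; } ;;
        esac
    done
    return $rc
}

# Constructed sample tree for the demo (not a real kernel): prepared, KPROBES on, and a
# Module.symvers that, like the 5.7 tree in the log above, lacks both kallsyms symbols.
# The CRCs are invented.
make_sample_tree() {
    dir=$(mktemp -d)
    mkdir -p "$dir/include/config" "$dir/include/generated"
    : > "$dir/include/config/auto.conf"
    : > "$dir/include/generated/autoconf.h"
    printf 'CONFIG_MODULES=y\nCONFIG_KPROBES=y\n# CONFIG_KALLSYMS_ALL is not set\n' > "$dir/.config"
    printf '0x1c6d7d2a\tprintk\tvmlinux\tEXPORT_SYMBOL\t\n' > "$dir/Module.symvers"
    printf '0x3a0e4b99\tregister_kprobe\tvmlinux\tEXPORT_SYMBOL_GPL\t\n' >> "$dir/Module.symvers"
    echo "$dir"
}

# Demo: what LKRG 0.7 would have needed from this tree.
sample=$(make_sample_tree)
if check_tree "$sample" CONFIG_KPROBES kallsyms_on_each_symbol kallsyms_lookup_name; then
    echo "tree OK"
else
    echo "tree NOT ready for LKRG 0.7"
fi
rm -rf "$sample"
```

Against a real tree, point it at /lib/modules/$(uname -r)/build (or /usr/src/linux on Gentoo) and list the symbols the module's modpost run complained about; a module that only needs symbols present in Module.symvers and options set in .config will get past the two errors shown above.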
Jacekalex, damn, shame... because it sounded good, but only sounded :)
Oh well, I'll try it on my box anyway.
They say it works on 5.6, but you apparently need the latest from [1]:
[1]: https://github.com/Whonix/lkrg/commits/master
I just checked:
# dkms status lkrg/0.7
lkrg, 0.7, 5.6.0-2-amd64, x86_64: installed
# modinfo /var/lib/dkms/lkrg/0.7/5.6.0-2-amd64/x86_64/module/p_lkrg.ko
filename: /var/lib/dkms/lkrg/0.7/5.6.0-2-amd64/x86_64/module/p_lkrg.ko
license: GPL v2
description: pi3's Linux kernel Runtime Guard
author: Adam 'pi3' Zabrocki (http://pi3.com.pl)
depends:
retpoline: Y
name: p_lkrg
vermagic: 5.6.0-2-amd64 SMP mod_unload modversions
sig_id: PKCS#7
signer: morfikov's kernel-signing key
sig_key: 41:72:D5:0F:5C:43:2C:B4:D7:90:E7:6C:9D:07:74:7F:57:C6:7F:C7
sig_hashalgo: sha512
signature: C0:16:3F:99:18:E3:00:63:63:07:7A:2B:DE:D5:99:26:90:93:2E:EC:
D1:6C:7B:C4:8D:F8:13:AF:E1:B1:7D:4E:8E:2C:C0:ED:78:2C:88:69:
57:46:0A:D8:2E:C4:48:B9:FB:E4:59:99:7E:78:DF:88:AC:B9:7B:3E:
CF:A7:74:43:6B:E3:00:78:8B:06:E1:81:DE:FE:C8:FF:11:DD:97:31:
3F:81:66:0C:3C:29:91:31:9F:A0:6D:84:87:92:C6:35:BF:58:2B:0A:
88:11:0E:F1:0F:A6:9E:1E:EA:CC:3E:5B:95:DE:74:3C:8B:77:4B:67:
8D:74:9E:B5:E7:22:60:8C:3B:AD:DC:31:27:68:8A:DD:3F:D6:0E:82:
34:F4:6E:66:56:25:44:F1:6F:A7:81:F7:F3:71:9C:AA:DF:30:D2:C3:
16:C4:33:72:06:A7:A7:99:6E:EE:47:24:33:D5:9C:DE:55:7F:86:83:
38:0D:E7:08:10:F3:AD:BD:A2:54:87:AB:6E:3C:7B:E8:6E:AC:61:EE:
36:0F:14:6B:F8:2A:04:21:59:5F:A9:56:E5:D2:79:D0:D0:BD:EC:F1:
15:AD:90:95:28:65:2A:95:D6:A6:40:C6:E8:4E:40:D5:15:EB:0E:03:
A6:B8:A0:22:4F:51:C0:14:8E:4A:B9:9A:26:D3:C4:F2
parm: log_level:log_level [3 (warn) is default] (uint)
parm: heartbeat:heartbeat [0 (don't print) is default] (uint)
parm: block_modules:block_modules [0 (don't block) is default] (uint)
parm: interval:interval [15 seconds is default] (uint)
parm: kint_validate:kint_validate [3 (periodically + random events) is default] (uint)
parm: kint_enforce:kint_enforce [2 (panic) is default] (uint)
parm: msr_validate:msr_validate [1 (enabled) is default] (uint)
parm: pint_validate:pint_validate [2 (current + waking_up) is default] (uint)
parm: pint_enforce:pint_enforce [1 (kill task) is default] (uint)
parm: umh_validate:umh_validate [1 (whitelist UMH paths) is default] (uint)
parm: umh_enforce:umh_enforce [1 (prevent execution) is default] (uint)
parm: pcfi_validate:pcfi_validate [2 (fully enabled pCFI) is default] (uint)
parm: pcfi_enforce:pcfi_enforce [1 (kill task) is default] (uint)
parm: smep_validate:smep_validate [1 (enabled) is default] (uint)
parm: smep_enforce:smep_enforce [2 (panic) is default] (uint)
parm: smap_validate:smap_validate [1 (enabled) is default] (uint)
parm: smap_enforce:smap_enforce [2 (panic) is default] (uint)
So it builds fine on the Debian kernel. For 5.7 we have to wait.
Last edited by morfik (2020-06-01 21:35:43)
Looks like something changed in the kernel and the lkrg module needs some adjusting[1], so it may soon be possible to build it for kernel 5.7.
[1]: https://www.openwall.com/lists/lkrg-users/2020/06/03/1
Build it does, but loading looks weird:
# root ~> modprobe p_lkrg
modprobe: ERROR: could not insert 'p_lkrg': No buffer space available
and the log from loading:
[11045.981886] [p_lkrg] Loading LKRG...
[11045.981889] BUG: using smp_processor_id() in preemptible [00000000] code: modprobe/9523
[11045.981895] caller is p_parse_module_params+0x15c/0x287 [p_lkrg]
[11045.981897] CPU: 3 PID: 9523 Comm: modprobe Tainted: G C O T 5.7.0-g1 #2
[11045.981898] Hardware name: Gigabyte Technology Co., Ltd. Z97-D3H/Z97-D3H-CF, BIOS F9 09/18/2015
[11045.981899] Call Trace:
[11045.981902] dump_stack+0x50/0x68
[11045.981905] debug_smp_processor_id.cold+0x4d/0x52
[11045.981910] p_parse_module_params+0x15c/0x287 [p_lkrg]
[11045.981914] p_lkrg_register+0x4b/0x1000 [p_lkrg]
[11045.981916] ? 0xffffffffc045d000
[11045.981917] do_one_initcall+0x56/0x230
[11045.981920] do_init_module+0x59/0x210
[11045.981921] load_module+0x2396/0x2710
[11045.981924] ? __do_sys_finit_module+0xd7/0xf0
[11045.981925] __do_sys_finit_module+0xd7/0xf0
[11045.981927] do_syscall_64+0x94/0x220
[11045.981929] ? do_syscall_64+0x27/0x220
[11045.981931] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[11045.981933] RIP: 0033:0x7f332893d509
[11045.981934] Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 57 09 0c 00 f7 d8 64 89 01 48
[11045.981934] RSP: 002b:00007ffd8dcda638 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
[11045.981936] RAX: ffffffffffffffda RBX: 0000560b9819d960 RCX: 00007f332893d509
[11045.981936] RDX: 0000000000000000 RSI: 0000560b963bf390 RDI: 0000000000000003
[11045.981937] RBP: 0000000000040000 R08: 0000000000000000 R09: 0000560b9819f680
[11045.981937] R10: 0000000000000003 R11: 0000000000000246 R12: 0000560b963bf390
[11045.981938] R13: 0000000000000000 R14: 0000560b9819da90 R15: 0000000000000000
[11045.981939] BUG: using smp_processor_id() in preemptible [00000000] code: modprobe/9523
[11045.981943] caller is p_parse_module_params+0x1af/0x287 [p_lkrg]
[11045.981944] CPU: 3 PID: 9523 Comm: modprobe Tainted: G C O T 5.7.0-g1 #2
[11045.981945] Hardware name: Gigabyte Technology Co., Ltd. Z97-D3H/Z97-D3H-CF, BIOS F9 09/18/2015
[11045.981945] Call Trace:
[11045.981946] dump_stack+0x50/0x68
[11045.981947] debug_smp_processor_id.cold+0x4d/0x52
[11045.981951] p_parse_module_params+0x1af/0x287 [p_lkrg]
[11045.981955] p_lkrg_register+0x4b/0x1000 [p_lkrg]
[11045.981956] ? 0xffffffffc045d000
[11045.981957] do_one_initcall+0x56/0x230
[11045.981958] do_init_module+0x59/0x210
[11045.981959] load_module+0x2396/0x2710
[11045.981962] ? __do_sys_finit_module+0xd7/0xf0
[11045.981963] __do_sys_finit_module+0xd7/0xf0
[11045.981965] do_syscall_64+0x94/0x220
[11045.981966] ? do_syscall_64+0x27/0x220
[11045.981967] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[11045.981968] RIP: 0033:0x7f332893d509
[11045.981969] Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 57 09 0c 00 f7 d8 64 89 01 48
[11045.981970] RSP: 002b:00007ffd8dcda638 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
[11045.981970] RAX: ffffffffffffffda RBX: 0000560b9819d960 RCX: 00007f332893d509
[11045.981971] RDX: 0000000000000000 RSI: 0000560b963bf390 RDI: 0000000000000003
[11045.981971] RBP: 0000000000040000 R08: 0000000000000000 R09: 0000560b9819f680
[11045.981972] R10: 0000000000000003 R11: 0000000000000246 R12: 0000560b963bf390
[11045.981972] R13: 0000000000000000 R14: 0000560b9819da90 R15: 0000000000000000
[11045.981973] [p_lkrg] System does NOT support SMAP. LKRG can't enforce SMAP validation :(
[11045.997080] Freezing user space processes ... (elapsed 0.002 seconds) done.
[11045.999466] OOM killer disabled.
[11045.999494] [p_lkrg] 4/23 UMH paths were whitelisted...
[11046.011798] [p_lkrg] [ED] ERROR: Can't find 'selinux_state' variable :( Exiting...
[11046.011799] [p_lkrg] Can't initialize exploit detection features! Exiting...
[11046.049325] OOM killer enabled.
[11046.049326] Restarting tasks ... done.
I'll see whether it loads at system boot, but a log snippet like that doesn't bode well.
EDIT:
Same thing at boot.
Last edited by Jacekalex (2020-06-04 15:18:48)
Well, I have a little gem too:
# modprobe -v p_lkrg
insmod /lib/modules/5.7.0-amd64/updates/dkms/p_lkrg.ko
modprobe: ERROR: could not insert 'p_lkrg': Network is down
and the log:
kernel: [p_lkrg] Loading LKRG...
kernel: [p_lkrg] System does NOT support SMAP. LKRG can't enforce SMAP validation :(
kernel: [p_lkrg] [get_kallsyms_address] register_kprobe error [-38] :(
kernel: [p_lkrg] Can't find kallsyms_lookup_name() function address! Exiting...
Drop your log on the ML for them. xD
In my case the decisive gem is this one:
[ 216.988440] [p_lkrg] [ED] ERROR: Can't find 'selinux_state' variable :( Exiting...
[ 216.988441] [p_lkrg] Can't initialize exploit detection features! Exiting...
Probably because, despite using AA, I also have SELinux enabled in the kernel as a fallback.
Last edited by Jacekalex (2020-06-04 16:22:45)
We talked a bit there on the ML and everything should hum along now -- at least it finally works for me, though you need to grab the latest git:
Jun 04 23:08:25 morfikownia kernel: [p_lkrg] Loading LKRG...
Jun 04 23:08:25 morfikownia kernel: [p_lkrg] System does NOT support SMAP. LKRG can't enforce SMAP validation .
Jun 04 23:08:26 morfikownia kernel: Freezing user space processes ... (elapsed 0.023 seconds) done.
Jun 04 23:08:26 morfikownia kernel: OOM killer disabled.
Jun 04 23:08:26 morfikownia kernel: [p_lkrg] 8/23 UMH paths were whitelisted...
Jun 04 23:08:26 morfikownia kernel: [p_lkrg] LKRG initialized successfully!
Jun 04 23:08:26 morfikownia kernel: OOM killer enabled.
Jun 04 23:08:26 morfikownia kernel: Restarting tasks ... done.
Last edited by morfik (2020-06-04 23:22:54)
Morfik, what are your impressions, how does it work, how many resources does it eat?
Sometimes it works, sometimes it doesn't.
The project is quite unstable for now.
E.g., for me it compiles correctly but doesn't load.
Apparently at compile time it checked the kernel configuration itself, but on loading I currently get this message:
[ 8997.131763] [p_lkrg] Loading LKRG...
[ 8997.131769] [p_lkrg] System does NOT support SMAP. LKRG can't enforce SMAP validation :(
[ 8997.142305] Freezing user space processes ... (elapsed 0.001 seconds) done.
[ 8997.144284] OOM killer disabled.
[ 8997.144307] [p_lkrg] 4/23 UMH paths were whitelisted...
[ 9000.994876] [p_lkrg] [kretprobe] register_kretprobe() for <ttwu_do_wakeup> failed! [err=-22]
[ 9000.994877] [p_lkrg] ERROR: Can't hook ttwu_do_wakeup :(
[ 9006.635346] [p_lkrg] Can't initialize exploit detection features! Exiting...
[ 9006.659262] OOM killer enabled.
[ 9006.659265] Restarting tasks ... done.
A lot of water will flow down the Vistula before this becomes a reasonably predictable solution.
Cheers
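The load attempts quoted in this thread fail in three different places (the selinux_state lookup, register_kprobe on kallsyms_lookup_name returning -38, and the ttwu_do_wakeup kretprobe returning -22), while modprobe's own message ("No buffer space available", "Network is down") is just strerror() of whatever the module's init returned, so the kernel log is what has to be inspected. The script below is an added example, not anything shipped by LKRG: it reads dmesg or journalctl -k text on stdin and reports whether LKRG came up, printing the first failure line rather than the generic "Can't initialize exploit detection features!" that follows it. The two sample inputs are assembled from lines quoted in the posts above, with timestamps dropped.

```shell
#!/bin/sh
# Decide from kernel log text whether LKRG (p_lkrg) initialized.
# Added example, not part of LKRG. Feed it `dmesg` or `journalctl -k -b` on stdin.
# Exit 0: "LKRG initialized successfully!" seen (prints "ok").
# Exit 1: no success line; prints the first [p_lkrg] line that reads like a failure
#         (ERROR / failed / Can't / Exiting), or a note that none was found.
# Exit 2: no [p_lkrg] lines at all (module never attempted to load, or wrong log).
# The SMAP notice ("LKRG can't enforce SMAP validation") is lowercase and is not counted.
lkrg_load_status() {
    awk '
        /\[p_lkrg\]/ { seen = 1 }
        /\[p_lkrg\] LKRG initialized successfully!/ { ok = 1; exit }
        /\[p_lkrg\].*(ERROR|failed|Can.t|Exiting)/ && !fail { fail = $0 }
        END {
            if (ok)    { print "ok"; exit 0 }
            if (!seen) { print "no [p_lkrg] lines in input"; exit 2 }
            print (fail ? fail : "no success message found"); exit 1
        }'
}

# On a live system (assumes systemd journal; use `dmesg` otherwise):
#   journalctl -k -b | lkrg_load_status && lsmod | grep -q '^p_lkrg ' && echo "LKRG loaded"

# Constructed sample: the 5.7 load failure from this thread (timestamps dropped).
sample_failure() {
cat <<'EOF'
[p_lkrg] Loading LKRG...
[p_lkrg] System does NOT support SMAP. LKRG can't enforce SMAP validation :(
Freezing user space processes ... (elapsed 0.001 seconds) done.
[p_lkrg] 4/23 UMH paths were whitelisted...
[p_lkrg] [kretprobe] register_kretprobe() for <ttwu_do_wakeup> failed! [err=-22]
[p_lkrg] ERROR: Can't hook ttwu_do_wakeup :(
[p_lkrg] Can't initialize exploit detection features! Exiting...
Restarting tasks ... done.
EOF
}

# Constructed sample: the successful load from this thread (timestamps dropped).
sample_success() {
cat <<'EOF'
[p_lkrg] Loading LKRG...
[p_lkrg] System does NOT support SMAP. LKRG can't enforce SMAP validation :(
[p_lkrg] 8/23 UMH paths were whitelisted...
[p_lkrg] LKRG initialized successfully!
EOF
}

# Demo on both samples.
sample_success | lkrg_load_status
sample_failure | lkrg_load_status || echo "(exit $?)"
```

The failure sample reports the register_kretprobe line, which is the root cause, and not the later "Can't initialize exploit detection features!" line; the same goes for the selinux_state and kallsyms_lookup_name cases quoted earlier, which is what you want to paste into a report on the ML.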
Well, it works for me, but under normal use the overhead is probably unmeasurable. They write that depending on configuration CPU utilization can rise by 0.7-2.5%, so probably only when compiling will I be able to feel it more noticeably. Documentation for a number of parameters is missing, so the project needs some polishing there. xD
I wrote a bit of an article about this LKRG. So if someone is bored and has nothing to do, they can read it. xD
morfik, oh nice :)
They've just released a new version[1] of LKRG.
[1]: https://www.openwall.com/lists/announce/2020/06/25/1
I'm waiting for the stable version.
developer wrote:
I'm waiting for the stable version.
Waiting for stable? Stable means the program getting into a distribution's stable branch, such as Debian Stable.
So you'll be waiting a few thousand years at minimum.
:P