Openwall Releases 'Linux Kernel Runtime Guard' 0.9.0 (linuxreviews.org) 7

Posted by EditorDavid on Sunday April 18, 2021 @09:34AM from the integrity-checks dept.

Long-time Slashdot reader xiando shares news from LinuxReviews: Linux Kernel Runtime Guard (LKRG) is a security module for the Linux kernel developed by Openwall. The latest release adds compatibility with Linux kernels up to soon to be released 5.12, support for building LKRG into kernel images, support for old 32-bit x86 machines and more...

The Linux Kernel Runtime Guard is an out-of-tree kernel module you can install as a kernel module, or, with the 0.9.0 release, build into your Linux kernel. It does run-time integrity checks to detect security vulnerability exploits against the Linux kernel.
An Openwall developer also notes in the announcement that "During LKRG development and testing I've found 7 Linux kernel bugs, 4 of them have CVE numbers."

Openwall Releases 'Linux Kernel Runtime Guard' 0.9.0

This discussion has been archived. No new comments can be posted.

Load All Comments

Search 7 Comments Log In/Create an Account

Comments Filter:

Honeypots? (Score:2)

by ls671 ( 1122017 ) writes:

I would hesitate to run this on any production systems especially since it is still in an "experimental" stage. I think it would be perfect to run on honeypots although. Who knows? Maybe one could discover new kernel bugs that would then be fixed by main line kernel developers.
- Re: (Score:2)
  
  by belmolis ( 702863 ) writes:
  
  That depends. Are there unpolished aspects that might damage the system, or are the "experimental" aspects merely ways in which it may fail to detect security problems?
  - Re: (Score:2)
    
    by ls671 ( 1122017 ) writes:
    
    Good point! Indeed, just changing the "kernel panic" option to log only might attenuate the possible effects of being experimental.
    What's the consensus on this module and Openwall in general? I doesn't seem to be well known here on Slashdot given the number of comments on the topic.
  - Re: (Score:2)
    
    by ls671 ( 1122017 ) writes:
    
    I forgot to mention, I reviewed their products and the IDS thing is the one that caught my attention the most. They seem to know what they are doing, link below:
    http://phrack.org/issues/53/13... [phrack.org]
But what does it do? (Score:3)

by Ungrounded Lightning ( 62228 ) writes: on Sunday April 18, 2021 @10:22AM (#61286564) Journal

It would be nice if the Slashdot summary actually told us what the heck this thing is supposed to do.

- Re:But what does it do? (Score:5, Informative)
  
  by drinkypoo ( 153816 ) writes: <drink@hyperlogos.org> on Sunday April 18, 2021 @11:04AM (#61286644) Homepage Journal
  
  this is what's missing from the summary [openwall.com]

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Openwall Releases 'Linux Kernel Runtime Guard' 0.9.0 (linuxreviews.org) 7

Openwall Releases 'Linux Kernel Runtime Guard' 0.9.0 More Login

Openwall Releases 'Linux Kernel Runtime Guard' 0.9.0

Honeypots? (Score:2)

Re: (Score:2)

Re: (Score:2)

Re: (Score:2)

But what does it do? (Score:3)

Re:But what does it do? (Score:5, Informative)

Related Links Top of the: day, week, month.

Slashdot Top Deals

Slashdot