Debian Bug report logs - #944476
RFP: lkrg -- Linux Kernel Runtime Guard

Package: wnpp; Maintainer for wnpp is wnpp@debian.org;

Reported by: Patrick Schleizer <adrelanos@riseup.net>

Date: Sun, 10 Nov 2019 16:45:02 UTC

Severity: wishlist

Reply or subscribe to this bug.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, whonix-devel@whonix.org, wnpp@debian.org:
Bug#944476; Package wnpp. (Sun, 10 Nov 2019 16:45:05 GMT) (full text, mbox, link).


Acknowledgement sent to Patrick Schleizer <adrelanos@riseup.net>:
New Bug report received and forwarded. Copy sent to whonix-devel@whonix.org, wnpp@debian.org. (Sun, 10 Nov 2019 16:45:05 GMT) (full text, mbox, link).


Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Patrick Schleizer <adrelanos@riseup.net>
To: submit@bugs.debian.org
Subject: Linux Kernel Runtime Guard - LKRG
Date: Sun, 10 Nov 2019 16:42:00 +0000
Package: wnpp
Severity: wishlist
X-Debbugs-CC: whonix-devel@whonix.org

* Package name    : lkrg
  Version         : 0.7
  Upstream Author : Adam 'pi3' Zabrocki
* URL             : https://www.openwall.com/lkrg/
* License         : GPL-2
  Programming Lang: C
  Description     : Linux Kernel Runtime Guard
A loadable kernel module that performs runtime integrity checking of the
Linux kernel and detection of security vulnerability exploits against
the kernel. As controversial as this concept is, LKRG attempts to
post-detect and hopefully promptly respond to unauthorized modifications
to the running Linux kernel (integrity checking) or to credentials (such
as user IDs) of the running processes (exploit detection). For process
credentials, LKRG attempts to detect the exploit and take action before
the kernel would grant the process access (such as open a file) based on
the unauthorized credentials.



Changed Bug title to 'RFP: lkrg -- Linux Kernel Runtime Guard' from 'Linux Kernel Runtime Guard - LKRG'. Request was from Sandro Tosi <morph@debian.org> to control@bugs.debian.org. (Sat, 16 Nov 2019 20:45:04 GMT) (full text, mbox, link).


Information forwarded to debian-bugs-dist@lists.debian.org, wnpp@debian.org:
Bug#944476; Package wnpp. (Mon, 18 Nov 2019 20:33:03 GMT) (full text, mbox, link).


Acknowledgement sent to Patrick Schleizer <adrelanos@riseup.net>:
Extra info received and forwarded to list. Copy sent to wnpp@debian.org. (Mon, 18 Nov 2019 20:33:03 GMT) (full text, mbox, link).


Message #12 received at 944476@bugs.debian.org (full text, mbox, reply):

From: Patrick Schleizer <adrelanos@riseup.net>
To: 944476@bugs.debian.org
Subject: LKRG Debian packaging completed
Date: Mon, 18 Nov 2019 20:31:00 +0000
Linux Kernel Runtime Guard (LKRG) protects the kernel. It provides
security through diversity. Similar to running an uncommon operating
system (kernel) would.

It renders whole classes of kernel exploits ineffective. Makes other
exploits less reliable and more difficult to write (see features and
security). LKRG was developed by a security professional with review
from other high profile security professionals (see authorship).

- https://www.whonix.org/wiki/Linux_Kernel_Runtime_Guard_LKRG#Features
- https://www.whonix.org/wiki/Linux_Kernel_Runtime_Guard_LKRG#Security
- https://www.whonix.org/wiki/Linux_Kernel_Runtime_Guard_LKRG#Authorship

Packaging completed. Lintian --pedantic warning free. Build using
cowbuilder successful. Module will be compiled on machine were installed
using DKMS.

I am not a Debian Developer (DD). This needs a DD to be uploaded to
packages.debian.org.

The source code, /debian folder can be found here:

https://github.com/Whonix/lkrg

The website for the LKRG Debian Package Fork can be found here:

https://www.whonix.org/wiki/Linux_Kernel_Runtime_Guard_LKRG

Build instructions with software signature verification:

https://www.whonix.org/wiki/Linux_Kernel_Runtime_Guard_LKRG/Build_Debian_Package_from_Source_Code

Simpler build instructions without software signature verification:

https://www.whonix.org/wiki/Linux_Kernel_Runtime_Guard_LKRG/Build_Debian_Package_from_Source_Code/Easy

Other references:

- development discussion
- LKRG compilation hardening flags, checksec, hardening-check
- LKRG packagers / downstream wishlist (signed git commits, signed git
tags, version numbers, logo)
- module loading / systemd bug report / suggestion
- LKRG kills VirtualBox host VMs
- announcement of this LKRG Debian package on upstream LKRG mailing list

https://forums.whonix.org/t/linux-kernel-runtime-guard-lkrg-linux-kernel-runtime-integrity-checking-and-exploit-detection/8477

https://www.openwall.com/lists/lkrg-users/2019/11/18/3

https://www.openwall.com/lists/lkrg-users/2019/11/13/5

https://www.openwall.com/lists/lkrg-users/2019/11/10/2

https://www.openwall.com/lists/lkrg-users/2019/11/18/1

https://www.openwall.com/lists/lkrg-users/2019/11/18/2



Information forwarded to debian-bugs-dist@lists.debian.org, wnpp@debian.org:
Bug#944476; Package wnpp. (Sat, 11 Jan 2020 01:48:02 GMT) (full text, mbox, link).


Acknowledgement sent to jscott@posteo.net:
Extra info received and forwarded to list. Copy sent to wnpp@debian.org.

Your message did not contain a Subject field. They are recommended and useful because the title of a Bug is determined using this field. Please remember to include a Subject field in your messages in future.

(Sat, 11 Jan 2020 01:48:02 GMT) (full text, mbox, link).


Message #17 received at 944476@bugs.debian.org (full text, mbox, reply):

From: jscott@posteo.net
Date: Sat, 11 Jan 2020 02:44:47 +0100 (CET)


Information forwarded to debian-bugs-dist@lists.debian.org, wnpp@debian.org:
Bug#944476; Package wnpp. (Sat, 11 Jan 2020 01:51:02 GMT) (full text, mbox, link).


Acknowledgement sent to John Scott <jscott@posteo.net>:
Extra info received and forwarded to list. Copy sent to wnpp@debian.org. (Sat, 11 Jan 2020 01:51:02 GMT) (full text, mbox, link).


Message #22 received at 944476@bugs.debian.org (full text, mbox, reply):

From: John Scott <jscott@posteo.net>
To: 944476@bugs.debian.org, 944476-submitter@bugs.debian.org
Subject: Re: LKRG Debian packaging completed
Date: Fri, 10 Jan 2020 20:48:10 -0500
> I am not a Debian Developer (DD). This needs a DD to be uploaded to
> packages.debian.org.

If you are still looking for someone that can upload this for you, file a bug
against sponsorship-requests and block this bug by that one.



Message sent on to Patrick Schleizer <adrelanos@riseup.net>:
Bug#944476. (Sat, 11 Jan 2020 01:51:03 GMT) (full text, mbox, link).


Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Feb 7 07:32:57 2020; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.