Debian Bug report logs -
#944476
RFP: lkrg -- Linux Kernel Runtime Guard
Reply or subscribe to this bug.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, whonix-devel@whonix.org, wnpp@debian.org:
Bug#944476; Package wnpp.
(Sun, 10 Nov 2019 16:45:05 GMT) (full text, mbox, link).
Acknowledgement sent
to Patrick Schleizer <adrelanos@riseup.net>:
New Bug report received and forwarded. Copy sent to whonix-devel@whonix.org, wnpp@debian.org.
(Sun, 10 Nov 2019 16:45:05 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: wnpp
Severity: wishlist
X-Debbugs-CC: whonix-devel@whonix.org
* Package name : lkrg
Version : 0.7
Upstream Author : Adam 'pi3' Zabrocki
* URL : https://www.openwall.com/lkrg/
* License : GPL-2
Programming Lang: C
Description : Linux Kernel Runtime Guard
A loadable kernel module that performs runtime integrity checking of the
Linux kernel and detection of security vulnerability exploits against
the kernel. As controversial as this concept is, LKRG attempts to
post-detect and hopefully promptly respond to unauthorized modifications
to the running Linux kernel (integrity checking) or to credentials (such
as user IDs) of the running processes (exploit detection). For process
credentials, LKRG attempts to detect the exploit and take action before
the kernel would grant the process access (such as open a file) based on
the unauthorized credentials.
Changed Bug title to 'RFP: lkrg -- Linux Kernel Runtime Guard' from 'Linux Kernel Runtime Guard - LKRG'.
Request was from Sandro Tosi <morph@debian.org>
to control@bugs.debian.org.
(Sat, 16 Nov 2019 20:45:04 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, wnpp@debian.org:
Bug#944476; Package wnpp.
(Mon, 18 Nov 2019 20:33:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Patrick Schleizer <adrelanos@riseup.net>:
Extra info received and forwarded to list. Copy sent to wnpp@debian.org.
(Mon, 18 Nov 2019 20:33:03 GMT) (full text, mbox, link).
Message #12 received at 944476@bugs.debian.org (full text, mbox, reply):
Linux Kernel Runtime Guard (LKRG) protects the kernel. It provides
security through diversity. Similar to running an uncommon operating
system (kernel) would.
It renders whole classes of kernel exploits ineffective. Makes other
exploits less reliable and more difficult to write (see features and
security). LKRG was developed by a security professional with review
from other high profile security professionals (see authorship).
- https://www.whonix.org/wiki/Linux_Kernel_Runtime_Guard_LKRG#Features
- https://www.whonix.org/wiki/Linux_Kernel_Runtime_Guard_LKRG#Security
- https://www.whonix.org/wiki/Linux_Kernel_Runtime_Guard_LKRG#Authorship
Packaging completed. Lintian --pedantic warning free. Build using
cowbuilder successful. Module will be compiled on machine were installed
using DKMS.
I am not a Debian Developer (DD). This needs a DD to be uploaded to
packages.debian.org.
The source code, /debian folder can be found here:
https://github.com/Whonix/lkrg
The website for the LKRG Debian Package Fork can be found here:
https://www.whonix.org/wiki/Linux_Kernel_Runtime_Guard_LKRG
Build instructions with software signature verification:
https://www.whonix.org/wiki/Linux_Kernel_Runtime_Guard_LKRG/Build_Debian_Package_from_Source_Code
Simpler build instructions without software signature verification:
https://www.whonix.org/wiki/Linux_Kernel_Runtime_Guard_LKRG/Build_Debian_Package_from_Source_Code/Easy
Other references:
- development discussion
- LKRG compilation hardening flags, checksec, hardening-check
- LKRG packagers / downstream wishlist (signed git commits, signed git
tags, version numbers, logo)
- module loading / systemd bug report / suggestion
- LKRG kills VirtualBox host VMs
- announcement of this LKRG Debian package on upstream LKRG mailing list
https://forums.whonix.org/t/linux-kernel-runtime-guard-lkrg-linux-kernel-runtime-integrity-checking-and-exploit-detection/8477
https://www.openwall.com/lists/lkrg-users/2019/11/18/3
https://www.openwall.com/lists/lkrg-users/2019/11/13/5
https://www.openwall.com/lists/lkrg-users/2019/11/10/2
https://www.openwall.com/lists/lkrg-users/2019/11/18/1
https://www.openwall.com/lists/lkrg-users/2019/11/18/2
Information forwarded
to debian-bugs-dist@lists.debian.org, wnpp@debian.org:
Bug#944476; Package wnpp.
(Sat, 11 Jan 2020 01:48:02 GMT) (full text, mbox, link).
Acknowledgement sent
to jscott@posteo.net:
Extra info received and forwarded to list. Copy sent to wnpp@debian.org.
Your message did not contain a Subject field. They are recommended and
useful because the title of a Bug is determined using this field.
Please remember to include a Subject field in your messages in future.
(Sat, 11 Jan 2020 01:48:02 GMT) (full text, mbox, link).
Message #17 received at 944476@bugs.debian.org (full text, mbox, reply):
Information forwarded
to debian-bugs-dist@lists.debian.org, wnpp@debian.org:
Bug#944476; Package wnpp.
(Sat, 11 Jan 2020 01:51:02 GMT) (full text, mbox, link).
Acknowledgement sent
to John Scott <jscott@posteo.net>:
Extra info received and forwarded to list. Copy sent to wnpp@debian.org.
(Sat, 11 Jan 2020 01:51:02 GMT) (full text, mbox, link).
Message #22 received at 944476@bugs.debian.org (full text, mbox, reply):
> I am not a Debian Developer (DD). This needs a DD to be uploaded to
> packages.debian.org.
If you are still looking for someone that can upload this for you, file a bug
against sponsorship-requests and block this bug by that one.
Message sent on
to Patrick Schleizer <adrelanos@riseup.net>:
Bug#944476.
(Sat, 11 Jan 2020 01:51:03 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Fri Feb 7 07:32:54 2020;
Machine Name:
beach
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.