Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Fri, 24 Jan 2020 20:42:55 +0100
From: Solar Designer <solar@...nwall.com>
To: lkrg-users@...ts.openwall.com
Subject: Re: sysctl vs module parameters / Can sysctl be set before loading the module? | was: bug: LKRG kills VirtualBox host VMs

On Fri, Jan 24, 2020 at 07:13:26AM +0000, Patrick Schleizer wrote:
> To avoid that, I tried:
> 
> sudo modprobe p_lkrg lkrg.enforce_msr=0 lkrg.enforce_pcfi=1
> 
> But LKRG does not seem to support module parameters.

Yes, it currently does not support these parameters.  I think we should
add module parameters of the same names as sysctl's (but omitting the
"lkrg." namespace, since it's implied there) for almost all sysctl's
(the only exception can be sysctl's triggering certain one-shot action).

> I also tried before loading LKRG to manually set the sysctl. In other
> words: try to set LKRG sysctl before loading LKRG. That did not work either.
> 
> sudo sysctl -w lkrg.enforce_msr=0
> 
> sysctl: cannot stat /proc/sys/lkrg/enforce_msr: No such file or directory

Of course, it wouldn't work.

> Also settings in /etc/sysctl.d folder are ignored after "sudo modprobe
> p_lkrg".

These settings are only read on startup or when you run "sysctl -p".

> I am asking because I plan to install LKRG by default in Kicksecure and
> Whonix-Host (these are Debian derivative Linux distributions).
> Kicksecure can be installed on top of an already installed Debian. In
> such situations it would unexpected to kill any already running
> VirtualBox VMs.
> 
> While at the moment it looks like that LKRG only kills VirtualBox VMs
> without these settings (lkrg.enforce_msr=0 lkrg.enforce_pcfi=1), I was
> thinking that it would be better to not start LKRG without these
> settings if VirtualBox is already installed. Maybe better to avoid any
> issues with the VirtualBox kernel modules. Just speculation.
> 
> How could this issue be solved?
> 
> Would it be possible to make LKRG support both, module parameters and
> sysctl? Dunno if that would be a lot effort and/or add too much
> complexity to the source code.

Yes, we should do that.

> Or is there a way to set sysctl settings before loading the LKRG kernel
> module?

No.

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.