Date: Sat, 1 Feb 2020 01:47:48 +0100 From: Adam Zabrocki <pi3@....com.pl> To: lkrg-users@...ts.openwall.com Subject: LKRG vs namespaces escpae (docker?) Hi, I wanted to inform that I've added a new logic in Exploit-Detection feature for detection namespaces escape. LKRG now validates various namespace configurations per thread (task_struct). By doing it, LKRG might have a chance to detect e.g. docker escpaes via kernel bugs. It is important to note that before you run LKRG, you should load "overlay" module used by docker. If you don't do it (e.g. load "overlay" module after LKRG), not all hooks will be installed and you will see False Positives. The easiest way to solve it is to configure the system to load "overlay" during boot. You can do it by runnig, for example, the following command: root@...-ubuntu:~# echo "overlay" > /etc/modules-load.d/overlay.conf root@...-ubuntu:~# This code is new but I haven't seen any issues with it so far. However I would appreciate if more people could test it as well. Thanks, Adam -- pi3 (pi3ki31ny) - pi3 (at) itsec pl http://pi3.com.pl
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.