Methods for Disabling Lockdown Protection in Ubuntu to Remotely Bypass UEFI Secure Boot

Andrey Konovalov of Google has published a method for remotely disabling the Lockdown protection provided in the Linux kernel package shipped with Ubuntu (in theory the proposed methods should also work with the Fedora kernel and those of other distributions, but they have not been tested).

Lockdown restricts the root user's access to the kernel and blocks UEFI Secure Boot bypass paths. For example, in lockdown mode, access to /dev/mem, /dev/kmem, /dev/port, /proc/kcore, debugfs, the kprobes debugging mode, mmiotrace, tracefs, BPF, PCMCIA CIS (Card Information Structure), some ACPI interfaces and the CPU's MSR registers is restricted; calls to kexec_file and kexec_load are blocked; hibernation is prohibited; the use of DMA for PCI devices is limited; importing ACPI code from EFI variables is prohibited; and manipulation of I/O ports is not allowed, including changing the interrupt number and I/O port for the serial port.

The Lockdown mechanism was recently added to the mainline Linux kernel 5.4, but in the kernels shipped by distributions it is still implemented in the form of patches or supplemented with patches. One of the differences between the add-ons provided in distributions and the implementation built into the kernel is the ability to disable the provided lock if you have physical access to the system.

In Ubuntu and Fedora, the key combination Alt+SysRq+X is provided to disable Lockdown. The assumption is that Alt+SysRq+X can only be used with physical access to the device, and that in the case of a remote compromise with root access gained, the attacker will not be able to disable Lockdown and, for example, load a module containing a rootkit that is not digitally signed into the kernel.

Andrey Konovalov showed that keyboard-based methods for confirming the physical presence of a user are ineffective. The simplest way to disable Lockdown would be to simulate pressing Alt+SysRq+X in software via /dev/uinput, but this option was blocked from the start. At the same time, it was possible to identify at least two more ways of substituting Alt+SysRq+X.

The first method involves using the "sysrq-trigger" interface: to simulate the key press, simply enable this interface by writing "1" to /proc/sys/kernel/sysrq, then write "x" to /proc/sysrq-trigger. This loophole was eliminated in the December Ubuntu kernel update and in Fedora 31. It is noteworthy that the developers, as in the case of /dev/uinput, initially tried to block this method, but the blocking did not work because of errors in the code.

The second method involves emulating a keyboard via USB/IP and then sending the Alt+SysRq+X sequence from the virtual keyboard. USB/IP is enabled by default in the kernel shipped with Ubuntu (CONFIG_USBIP_VHCI_HCD=m and CONFIG_USBIP_CORE=m), and the usbip_core and vhci_hcd modules required for operation are provided with digital signatures. An attacker can create a virtual USB device by running a network handler on the loopback interface and connecting it as a remote USB device using USB/IP. This method has been reported to the Ubuntu developers, but a fix has not yet been released.
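A host audit for the two substitution paths described above, as an added example that is not code from Konovalov or from this article. It assumes the mainline `/sys/kernel/security/lockdown` file (distribution-patched kernels may not provide it) and flags any non-zero `kernel.sysrq` value, because the page does not say which mask bit governs the `x` handler; the sample inputs are constructed.

```python
from pathlib import Path

USBIP_MODULES = {"usbip_core", "vhci_hcd"}  # module names given in the article

def sysrq_enabled(sysctl_text):
    """kernel.sysrq: 0 disables keyboard SysRq; 1 or a bitmask enables functions."""
    return int(sysctl_text.strip()) != 0

def loaded_usbip_modules(proc_modules_text):
    """USB/IP modules listed in /proc/modules (module name is the first column)."""
    names = {ln.split()[0] for ln in proc_modules_text.splitlines() if ln.strip()}
    return sorted(names & USBIP_MODULES)

def lockdown_mode(lockdown_text):
    """The active mode is bracketed, e.g. 'none [integrity] confidentiality'."""
    for word in lockdown_text.split():
        if word.startswith("[") and word.endswith("]"):
            return word[1:-1]
    return "unknown"  # file missing or in a format this check does not know

def audit(sysctl_text, proc_modules_text, lockdown_text):
    """Return the settings an administrator should review on this host."""
    findings = []
    if lockdown_mode(lockdown_text) in ("none", "unknown"):
        findings.append("lockdown is not reported as active")
    if sysrq_enabled(sysctl_text):
        findings.append("kernel.sysrq is non-zero: SysRq functions are enabled")
    mods = loaded_usbip_modules(proc_modules_text)
    if mods:
        findings.append("USB/IP modules loaded: " + ", ".join(mods))
    return findings

# Constructed sample inputs, not captured from a real host.
SAMPLE_SYSRQ = "176\n"
SAMPLE_MODULES = (
    "vhci_hcd 49152 0 - Live 0x0000000000000000\n"
    "usbip_core 32768 1 vhci_hcd, Live 0x0000000000000000\n"
    "ext4 745472 1 - Live 0x0000000000000000\n"
)
SAMPLE_LOCKDOWN = "none [integrity] confidentiality\n"

def read(path, default):
    try:
        return Path(path).read_text()
    except OSError:
        return default

if __name__ == "__main__":
    live = audit(read("/proc/sys/kernel/sysrq", "0"), read("/proc/modules", ""),
                 read("/sys/kernel/security/lockdown", ""))
    for finding in live or ["nothing to review"]:
        print("REVIEW:", finding)
```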

source: budenet.ru
