Masu haɓaka aikin Gsecurity
Wani ma'aikacin Huawei ne ya buga facin HKSP, ya haɗa da ambaton Huawei a cikin bayanin martabar GitHub, kuma a yi amfani da kalmar Huawei a cikin sunan aikin (HKSP - Huawei Kernel Self Protection). A lokaci guda, wakilan Huawei sun musanta haɗin gwiwar aikin HKSP tare da kamfanin kuma sun bayyana cewa an ƙera lambar a kan shirin ma'aikaci na sirri, ba aikin Huawei ba ne na hukuma kuma ba a amfani da shi a cikin kayayyakin kamfanin. Kunna
HKSP ya haɗa da canje-canje irin su bazuwar ɓangarori a cikin tsarin ƙididdigewa, kariya daga hare-hare kan mai gano sunan mai amfani (pid namespace), rabuwar tsarin tsari daga yankin mmap, gano kira sau biyu zuwa aikin kfree, toshe leaks ta hanyar pseudo. -FS /proc (/proc/ {modules, maɓallai, masu amfani da maɓalli}, /proc/sys/kernel/* da /proc/sys/vm/mmap_min_addr, /proc/kallsyms), inganta ingantaccen adireshin sararin samaniya, ƙarin Ptrace kariya, inganta smap da smep kariya , ikon hana aika bayanai ta hanyar raw sockets, toshe adiresoshin da ba daidai ba a cikin kwasfa na UDP da kuma duba amincin tafiyar matakai. Hakanan ya haɗa da tsarin Ksguard kernel, wanda ke nufin gano yunƙurin gabatar da tushen tushen tushen.
Атчи
Wani bincike na facin da masu haɓakawa na Grsecurity ya nuna kurakurai da rauni da yawa a cikin lambar, sannan kuma ya nuna rashin tsarin barazanar da zai basu damar yin hukunci daidai da iyawar aikin. Don nuna a fili cewa an rubuta lambar ba tare da amfani da amintattun hanyoyin tsara shirye-shirye ba, an ba da misali na rashin lahani mara nauyi a cikin mai sarrafa.
fayil /proc/ksguard/state, wanda aka ƙirƙira tare da haƙƙin 0777, yana nuna cewa kowa yana da damar rubutawa. Aikin ksg_state_write, wanda ake amfani da shi don tantance umarnin da aka rubuta zuwa /proc/ksguard/state, yana ƙirƙirar tmp[32] wanda aka rubuta bayanai dangane da girman operand ɗin da aka wuce, ba tare da la'akari da girman maƙasudin buffer ba kuma ba tare da duba siga tare da girman kirtani. Wadancan. Don sake rubuta wani ɓangare na tarin kwaya, maharin kawai yana buƙatar rubuta layi na musamman da aka tsara zuwa /proc/ksguard/state.
static ssize_t ksg_state_write (fayil ɗin tsari * fayil, const char __user * buf,
size_t ruwan tabarau, loff_t * biya diyya)
{
u64 darajar;
char tmp[32];
girman_t n = 0;
idan (copy_from_user (tmp, buf, len))
dawo - 1;
darajar = simple_strtoul (tmp, '\0', 10);
...
Yi amfani da samfur:
char buf[4096] = {};
int fd = bude ("/proc/ksguard/state", O_WRONLY);
idan (fd>= 0) {
rubuta (fd, buf, sizeof (buf));
kusa (fd);
}
source: budenet.ru