Photo of Linus Torvalds
If an attacker manages to execute code with root privileges, they can also run their code at the kernel level, for example by replacing the kernel using kexec or by reading and writing memory through /dev/kmem. The most obvious consequence of such activity may be
The root-restriction functionality was originally developed in the context of strengthening verified boot protection, and distributions have for some time used third-party patches to block bypasses of UEFI Secure Boot. At the same time, such restrictions were not included in the main kernel because
Lockdown mode restricts access to /dev/mem, /dev/kmem, /dev/port, /proc/kcore, debugfs, the kprobes debug mode, mmiotrace, tracefs, BPF, PCMCIA CIS (Card Information Structure), some ACPI interfaces and CPU MSR registers. The kexec_file and kexec_load calls are blocked, hibernation is prohibited, the use of DMA for PCI devices is limited, importing ACPI code from EFI variables is prohibited, and manipulation of I/O ports is not allowed, including changing the interrupt number and I/O port for the serial port.
By default the lockdown module is not active. It is built when the SECURITY_LOCKDOWN_LSM option is set in kconfig, and it is enabled through the kernel parameter "lockdown=", the control file "/sys/kernel/security/lockdown" or build options.
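A host check for the two runtime switches named above, the "lockdown=" boot parameter and the /sys/kernel/security/lockdown control file, written as an added example rather than code from the original article or the kernel project. It assumes the mainline kernel's presentation of that file (one line listing the modes none, integrity and confidentiality, with the active one in square brackets), which the article does not spell out; the function names are illustrative.

```shell
#!/bin/sh
# Added example: function names are illustrative, not from the page.

# Print the active mode from a lockdown control file. The kernel lists the
# modes on one line and brackets the active one: "none [integrity] confidentiality".
lockdown_mode() {
    file=${1:-/sys/kernel/security/lockdown}
    [ -r "$file" ] || { echo "unavailable"; return 2; }
    mode=$(sed -n 's/.*\[\([a-z]*\)\].*/\1/p' "$file")
    [ -n "$mode" ] || { echo "unknown"; return 2; }
    echo "$mode"
}

# Print the value of the "lockdown=" boot parameter; return 1 if it is absent.
cmdline_lockdown() {
    file=${1:-/proc/cmdline}
    for word in $(cat "$file" 2>/dev/null); do
        case $word in
            lockdown=*) echo "${word#lockdown=}"; return 0 ;;
        esac
    done
    return 1
}

# Report the state; return non-zero when lockdown is missing or inactive.
audit_lockdown() {
    mode=$(lockdown_mode "$1") || { echo "FAIL: lockdown state $mode"; return 1; }
    boot=$(cmdline_lockdown "$2") || boot="(not set)"
    if [ "$mode" = "none" ]; then
        echo "FAIL: lockdown inactive; boot parameter lockdown=$boot"
        return 1
    fi
    echo "OK: lockdown=$mode; boot parameter lockdown=$boot"
}

# Constructed sample inputs, not captured from a real host.
tmp=$(mktemp -d)
echo 'none [integrity] confidentiality' > "$tmp/lockdown"
echo 'BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro lockdown=integrity' > "$tmp/cmdline"
audit_lockdown "$tmp/lockdown" "$tmp/cmdline"
rm -rf "$tmp"
```

Called with no arguments, `audit_lockdown` reads the live control file and /proc/cmdline, so its exit status can gate a compliance or hardening check.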
It is important to note that lockdown only limits the standard means of accessing the kernel; it does not protect against modifications made by exploiting vulnerabilities. To block changes to the running kernel when exploits are used, the Openwall project
source: budenet.ru