Linus Torvalds
If an attacker achieves code execution with root privileges, they can go on to run their code at the kernel level, for example by replacing the kernel using kexec or by reading and writing memory through /dev/kmem. The most obvious consequence of such activity may be
Initially, the functions for restricting root were developed in the context of strengthening verified boot protection, and distributions have for some time used third-party patches to block bypasses of UEFI Secure Boot. At the same time, these restrictions were not included in the main kernel because of
Lockdown mode restricts access to /dev/mem, /dev/kmem, /dev/port, /proc/kcore, debugfs, the kprobes debug mode, mmiotrace, tracefs, BPF, PCMCIA CIS (Card Information Structure), some ACPI interfaces and the CPU MSR registers. The kexec_file and kexec_load calls are blocked, entering sleep mode is prohibited, the use of DMA for PCI devices is limited, importing ACPI code from EFI variables is prohibited, and manipulation of I/O ports is not allowed, including changing the interrupt number and I/O port for a serial port.
By default, the lockdown module is not active. It is built when the SECURITY_LOCKDOWN_LSM option is specified in kconfig and is activated through the kernel parameter "lockdown=", the control file "/sys/kernel/security/lockdown" or the build options
It is important to note that lockdown only restricts the standard ways of accessing the kernel and does not protect against modifications made by exploiting vulnerabilities. To block changes to the running kernel when exploits are used, the Openwall project
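A defender can confirm whether lockdown is actually in force by reading the control file and the boot parameter described above. The following is an added example, not code from the original article or from the kernel project; the function names are hypothetical, and it assumes the mainline behaviour in which the control file lists the modes `none`, `integrity` and `confidentiality` with the active one in square brackets.

```shell
#!/bin/sh
# Added example: audit the lockdown state of a host.
# Function names are hypothetical; the bracketed-mode file format is
# the mainline kernel behaviour and is an assumption about the host.

# Print the active mode from the text of /sys/kernel/security/lockdown,
# e.g. "none [integrity] confidentiality" -> "integrity".
lockdown_active_mode() {
    printf '%s\n' "$1" | sed -n 's/.*\[\([a-z]*\)\].*/\1/p'
}

# Print the value of the last lockdown= argument on a kernel command
# line, or nothing if the parameter is absent.
lockdown_cmdline_mode() {
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n 's/^lockdown=//p' | tail -n 1
}

# Report the state and classify it through the return code:
#   0 = a lockdown mode is active
#   1 = the LSM is present but the mode is "none" (or unparseable)
#   2 = control file missing (SECURITY_LOCKDOWN_LSM not built, or
#       securityfs not mounted)
lockdown_audit() {
    sysfs_file=$1
    cmdline=$2
    if [ ! -r "$sysfs_file" ]; then
        echo "lockdown: control file $sysfs_file not available"
        return 2
    fi
    active=$(lockdown_active_mode "$(cat "$sysfs_file")")
    boot=$(lockdown_cmdline_mode "$cmdline")
    echo "lockdown: active=${active:-unknown} boot_param=${boot:-unset}"
    # A mode that is active without a boot parameter was set at run
    # time or forced at build time; either way it is in force.
    [ -n "$active" ] && [ "$active" != "none" ]
}

# Check the live host; "|| true" keeps a non-locked-down result from
# aborting callers that run with "set -e".
lockdown_audit /sys/kernel/security/lockdown \
    "$(cat /proc/cmdline 2>/dev/null)" || true
```

A return code of 1 on a machine that relies on UEFI Secure Boot is the case worth alerting on, since root can then still reach the kernel through the interfaces listed above.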
Source: opennet.ru