Methods for disabling Lockdown protection in Ubuntu to remotely bypass UEFI Secure Boot

Andrey Konovalov of Google has published a method for remotely disabling the Lockdown protection offered in the Linux kernel package shipped with Ubuntu (in theory the proposed techniques should also work with the kernels of Fedora and other distributions, but they have not been tested).

Lockdown restricts the root user's access to the kernel and blocks UEFI Secure Boot bypass paths. For example, in lockdown mode, access to /dev/mem, /dev/kmem, /dev/port, /proc/kcore, debugfs, the kprobes debugging mode, mmiotrace, tracefs, BPF, PCMCIA CIS (Card Information Structure), some ACPI interfaces and CPU MSR registers is restricted; the kexec_file and kexec_load calls are blocked; sleep mode is prohibited; DMA use for PCI devices is limited; importing ACPI code from EFI variables is prohibited; and manipulation of I/O ports is not allowed, including changing the interrupt number and the I/O port of the serial port.

The Lockdown mechanism was added to the mainline Linux kernel in 5.4, but in the kernels shipped by distributions it is still implemented as patches or supplemented with patches. One difference between the add-ons provided by distributions and the implementation built into the kernel is the ability to disable the lockdown if you have physical access to the system.

In Ubuntu and Fedora, the key combination Alt+SysRq+X is provided to disable Lockdown. The assumption is that Alt+SysRq+X can be used only with physical access to the device, and that an attacker who compromises the system remotely and gains root will be unable to disable Lockdown and, for example, load into the kernel a module with a rootkit that is not digitally signed.

Andrey Konovalov showed that keyboard-based methods of confirming a user's physical presence are ineffective. The simplest way to disable Lockdown would be to programmatically simulate pressing Alt+SysRq+X via /dev/uinput, but this option was blocked from the start. At the same time, it proved possible to identify two other ways of substituting for Alt+SysRq+X.

The first method uses the "sysrq-trigger" interface: to simulate the key press, enable the interface by writing "1" to /proc/sys/kernel/sysrq, then write "x" to /proc/sysrq-trigger. This loophole was closed in the December Ubuntu kernel update and in Fedora 31. Notably, the developers had initially tried to block this method, as they did with /dev/uinput, but the blocking did not work because of an error in the code.

The second method involves emulating a keyboard via USB/IP and then sending the Alt+SysRq+X sequence from the virtual keyboard. USB/IP is enabled by default in the kernel shipped with Ubuntu (CONFIG_USBIP_VHCI_HCD=m and CONFIG_USBIP_CORE=m), which provides the usbip_core and vhci_hcd modules needed for it to work. An attacker can create a virtual USB device by running a network handler on the loopback interface and connecting it as a remote USB device using USB/IP. The method has been reported to the Ubuntu developers, but a fix has not yet been released.
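
A defender's check for the settings the two methods above depend on, as an added example that is not part of the original article: it reports the active lockdown mode, whether the USB/IP modules are loaded or merely built for the kernel, and the current sysrq value. The function names are hypothetical, and the script assumes the kernel exposes /sys/kernel/security/lockdown (the mainline 5.4+ interface; older patched distribution kernels may lack it) and that the kernel config is at /boot/config-$(uname -r).

```shell
#!/bin/sh
# Added example (not from the article): report the host settings that the
# sysrq and USB/IP paths depend on. File paths are arguments so the functions
# can be exercised on constructed files.

# Active lockdown mode: the bracketed word in "none [integrity] confidentiality".
# Assumption: the kernel exposes the mainline (5.4+) securityfs file.
lockdown_mode() {
    local m=""
    [ -r "$1" ] && m=$(sed -n 's/.*\[\([a-z]*\)\].*/\1/p' "$1" | head -n 1)
    echo "${m:-unknown}"
}

# USB/IP state: "loaded" if usbip_core or vhci_hcd is in the module list ($2),
# "available" if the kernel config ($1) builds them (=y or =m), else "absent".
usbip_state() {
    if [ -r "$2" ] && grep -Eq '^(usbip_core|vhci_hcd) ' "$2"; then
        echo loaded
    elif [ -r "$1" ] && grep -Eq '^CONFIG_USBIP_(CORE|VHCI_HCD)=[ym]$' "$1"; then
        echo available
    else
        echo absent
    fi
}

# One-line report. $1 lockdown file, $2 kernel config, $3 module list, $4 sysrq file.
audit() {
    local mode usbip sysrq="unknown"
    mode=$(lockdown_mode "$1")
    usbip=$(usbip_state "$2" "$3")
    [ -r "$4" ] && sysrq=$(cat "$4")
    echo "lockdown=$mode usbip=$usbip sysrq=$sysrq"
}

# True when lockdown is enforced and USB/IP could supply a virtual keyboard.
# This flags the precondition only; it does not tell whether the kernel is fixed.
usbip_path_present() {
    case "$(lockdown_mode "$1")" in
        integrity|confidentiality) [ "$(usbip_state "$2" "$3")" != absent ] ;;
        *) return 1 ;;
    esac
}

audit /sys/kernel/security/lockdown "/boot/config-$(uname -r)" \
      /proc/modules /proc/sys/kernel/sysrq
```

A result of `usbip=available` or `usbip=loaded` on a host that relies on Lockdown means the kernel changelog should be checked for the corresponding fix.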

Source: opennet.ru
