out-of-tree v1.0.0 - a toolkit for developing and testing exploits and Linux kernel modules


The first release (v1.0.0) of out-of-tree, a toolkit for developing and testing exploits and Linux kernel modules, has been published.

out-of-tree automates routine steps in creating environments for debugging kernel modules and exploits and in generating reliability statistics for exploits, and it can be integrated easily into CI (Continuous Integration).

Each kernel module or exploit is described by a .out-of-tree.toml file, which specifies the required environment and (if it is an exploit) the restrictions on running in the presence of certain security mitigations.

The toolkit also lets you identify the specific kernel versions affected by a vulnerability (using the --guess command), and it can be used to simplify a binary search for a specific commit.

Below is the list of changes since version v0.2.

Added

  • Implemented the ability to limit the number of generated kernels (out-of-tree kernel autogen) (based on the description in .out-of-tree.toml) and of test runs (out-of-tree) using the --max=X parameter.

  • A new genall command, which lets you generate all kernels for a particular distribution and version.

  • All logs are now stored in a sqlite3 database. Commands have been implemented for simple, frequently needed queries, as well as for exporting data to json and markdown.

  • Standard calculation of the probability of success (based on previous runs).

  • Ability to save build results (new --dist parameter of the out-of-tree pew command).

  • Support for generating metadata for kernels installed on the host system, as well as building directly on the host.

  • Support for third-party kernels.

  • The out-of-tree debug environment now automatically searches for debug symbols on the host system.

  • Added the ability to manage security mitigations by enabling/disabling KASLR, SMEP, SMAP and KPTI during debugging.

  • Added the --threads=N parameter to the out-of-tree pew test command, which can be used to specify the number of threads used to build, run and test exploits and kernel modules.

  • Ability to set a tag that will be written to the log and can be used when calculating statistics.

  • Added the ability to specify the kernel version without using regular expressions.

  • A new pack command, used for bulk testing of exploits and kernel modules in subdirectories.

  • In the configuration (.out-of-tree.toml) for exploits and kernel modules, the ability to disable KASLR, SMEP, SMAP and KPTI has been added, as well as to specify the required number of cores and amount of memory.

  • Images (rootfs) are now downloaded automatically while kernel autogen runs. bootstrap is no longer needed.

  • Support for CentOS kernels.

Changed

  • Now, if there is no image (rootfs) for the required distribution version, out-of-tree will try to use the image of the closest version. For example, the Ubuntu 18.04 image for Ubuntu 18.10.

  • Tests for kernel modules are no longer considered failed if they are missing (no tests, no errors!).

  • out-of-tree now returns an error code if at least one stage (build, run or test) has failed on any kernel.

  • The project has switched to Go modules; building with GO111MODULE=on is now the preferred way.

  • Added standard tests.

  • test.sh will be used by default if the ${TARGET}_test target is not implemented in the Makefile.

  • The kernel log is no longer cleared before running a kernel module or exploit. Some exploits use a kernel base leak in dmesg to bypass KASLR, so clearing it can break the logic the exploit relies on.

  • qemu/kvm now uses all the capabilities of the host processor.

Removed

  • Kernel Factory has been removed completely, because kernel generation is now implemented on top of incrementally modified Dockerfiles.

  • bootstrap no longer does anything. The command will be removed in the next release.

Fixed

  • On macOS, GNU coreutils is no longer required to run.

  • Temporary files have been moved to ~/.out-of-tree/tmp/ because of mount errors inside docker on some systems.

Source: linux.org.ru
