Methods for Disabling Lockdown Protection in Ubuntu to Bypass UEFI Secure Boot Remotely

Andrey Konovalov of Google has published a method for remotely disabling the Lockdown protection provided in the Linux kernel package shipped with Ubuntu (the proposed techniques should also work with the Fedora kernel and other distributions, but they have not been tested).

Lockdown restricts the root user's access to the kernel and blocks paths for bypassing UEFI Secure Boot. For example, in lockdown mode, access to /dev/mem, /dev/kmem, /dev/port, /proc/kcore, debugfs, kprobes debug mode, mmiotrace, tracefs, BPF, PCMCIA CIS (Card Information Structure), some ACPI interfaces and CPU MSR registers is restricted; the kexec_file and kexec_load calls are blocked; sleep mode is prohibited; DMA use by PCI devices is limited; importing ACPI code from EFI variables is prohibited; and manipulation of I/O ports is not allowed, including changing the interrupt number and I/O port of the serial port.

The Lockdown mechanism was recently added to the mainline Linux kernel 5.4, but in the kernels supplied by distributions it is still implemented as patches or supplemented with patches. One of the differences between the add-ons provided in distribution kernels and the implementation built into the kernel is the ability to disable the lockdown that is provided.

In Ubuntu and Fedora, the key combination Alt+SysRq+X is provided to disable Lockdown. The assumption is that Alt+SysRq+X can only be used with physical access to the device, and that in the case of a remote compromise with root access the attacker will not be able to disable Lockdown and, for example, load a module containing a rootkit that is not digitally signed into the kernel.

Andrey Konovalov showed that keyboard-based methods of confirming the user's physical presence do not work. The simplest way to disable Lockdown would be to simulate pressing Alt+SysRq+X programmatically through /dev/uinput, but this option was blocked from the start. At the same time, it was possible to identify two other ways of substituting Alt+SysRq+X.

The first method uses the "sysrq-trigger" interface: to simulate the key press, simply enable this interface by writing "1" to /proc/sys/kernel/sysrq, then write "x" to /proc/sysrq-trigger. This loophole was removed in the December Ubuntu kernel update and in Fedora 31. It is worth noting that the developers, as with /dev/uinput, initially tried to block this method, but the blocking did not work because of errors in the code.

The second method involves keyboard emulation over USB/IP and then sending the Alt+SysRq+X sequence from the emulated keyboard. USB/IP is enabled by default in the kernel shipped by Ubuntu (CONFIG_USBIP_VHCI_HCD=m and CONFIG_USBIP_CORE=m), which provides the digitally signed usbip_core and vhci_hcd modules needed for it to work. An attacker can create a virtual USB device by running a network handler on the loopback interface and attaching it as a remote USB device using USB/IP. This method has been reported to the Ubuntu developers, but a fix has not yet been released.
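A host audit for the conditions the two methods above depend on, as an added example that is not from the original article or from Konovalov's publication: it reports the lockdown state, the kernel.sysrq value and whether the usbip_core or vhci_hcd modules are loaded. The path /sys/kernel/security/lockdown is the mainline (5.4+) securityfs file and may be absent on kernels that carry distribution patches instead; the function names and sample inputs are constructed for illustration.

```python
from pathlib import Path

USBIP_MODULES = {"usbip_core", "vhci_hcd"}  # module names given in the article

def active_lockdown_mode(text):
    """'[none] integrity confidentiality' -> 'none'; None if unreadable or unparsable."""
    for word in (text or "").split():
        if word.startswith("[") and word.endswith("]"):
            return word[1:-1]
    return None

def audit(lockdown_text, sysrq_text, modules_text):
    """Return a list of findings from the raw contents of the three files."""
    findings = []
    mode = active_lockdown_mode(lockdown_text)
    if mode is None:
        findings.append("lockdown: state unavailable")
    elif mode == "none":
        findings.append("lockdown: not active")
    sysrq = (sysrq_text or "").strip()
    if sysrq.isdigit() and int(sysrq) != 0:
        findings.append(f"sysrq: kernel.sysrq={int(sysrq)} (SysRq functions enabled)")
    # First column of /proc/modules is the module name.
    loaded = {ln.split()[0] for ln in (modules_text or "").splitlines() if ln.split()}
    for mod in sorted(USBIP_MODULES & loaded):
        findings.append(f"usbip: {mod} is loaded")
    return findings

def read_or_none(path):
    """Read a pseudo-file, returning None when it is missing or unreadable."""
    try:
        return Path(path).read_text()
    except OSError:
        return None

# Constructed sample inputs (not captured from a real host).
SAMPLE_LOCKDOWN = "none [integrity] confidentiality\n"
SAMPLE_SYSRQ = "176\n"
SAMPLE_MODULES = ("vhci_hcd 49152 0 - Live 0x0000000000000000\n"
                  "usbip_core 32768 1 vhci_hcd, Live 0x0000000000000000\n"
                  "ext4 737280 1 - Live 0x0000000000000000\n")

if __name__ == "__main__":
    live = audit(read_or_none("/sys/kernel/security/lockdown"),
                 read_or_none("/proc/sys/kernel/sysrq"),
                 read_or_none("/proc/modules"))
    for line in live or ["no findings"]:
        print(line)
```

On hosts that never use USB/IP, a finding for usbip_core or vhci_hcd is a signal worth investigating, and the modules can be kept from loading with a modprobe blacklist entry.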

Source: opennet.ru
