ProHoster > Blog > internet nhau > kunze-kwe-muti v1.0.0 - maturusi ekugadzira uye kuyedza maitiro uye Linux kernel modules

kunze-kwe-muti v1.0.0 - maturusi ekugadzira uye kuyedza maitiro uye Linux kernel modules


kunze-kwe-muti v1.0.0 - maturusi ekugadzira uye kuyedza maitiro uye Linux kernel modules

Yekutanga (v1.0.0) vhezheni yekunze-kwe-muti, chishandiso chekugadzira uye kuyedza maitiro uye Linux kernel modules, yakaburitswa.

kunze-kwe-muti kunokubvumira kuti uite otomatiki mamwe maitiro ekugadzira nharaunda dzedebugging kernel modules uye exploits, kugadzira exploit kuvimbika manhamba, uye zvakare inopa kugona kubatanidza nyore muCI (Inoenderera Kubatanidzwa).

Imwe neimwe kernel module kana exploit inotsanangurwa nefaira .out-of-tree.toml, iyo inotsanangudza ruzivo nezve inodiwa nharaunda uye (kana iri yekushandiswa) zvirambidzo pakushanda pamberi pehumwe kuchengetedzwa kwekudzivirira.

Iyo toolkit zvakare inobvumidza iwe kuti uone chaiwo kernel vhezheni dzakakanganiswa nekusagadzikana (uchishandisa iyo --guess command), uye inogona zvakare kushandiswa kurerutsa mabhinari ekutsvaga kwekuita kwakati.

Pazasi pane rondedzero yekuchinja kubva muvhezheni v0.2.

Wedzera

  • Yakaitwa kugona kudzikamisa nhamba yakagadzirwa (kunze kwemuti kernel autogen) kernels (zvichibva pane tsananguro mu.out-of-tree.toml) uye cheki chinomhanya (kunze-kwe-muti pew) uchishandisa -max= X parameter.

  • New genall command, iyo inokutendera iwe kuti ugadzire kernels yese yekugovera chaiyo uye shanduro.

  • Ese matanda ikozvino akachengetwa mu sqlite3 dhatabhesi. Yakamisikidzwa mirairo yemibvunzo iri nyore inowanzodikanwa, pamwe nekutumira data kune json uye markdown.

  • Kuitwa kuverenga kwemukana wekushanda kwakabudirira (zvichienderana nekutanga kwekutanga).

  • Kugona kuchengetedza mhedzisiro yekuvaka (nyowani --dist parameter yekunze-kwe-muti pew command)

  • Tsigiro yekugadzira metadata yekernels yakaiswa pane iyo host system, pamwe nekuvaka zvakananga pane iyo host.

  • Tsigiro kune yechitatu bato kernels.

  • Iyo yekunze-yemuti debug nharaunda ikozvino inozvitsvagira otomatiki zviratidzo zvekugadzirisa pane iyo host system.

  • Yakawedzera kugona kubata kuchengetedza kudzikisira nekugonesa / kudzima mireza KASLR, SMEP, SMAP uye KPTI panguva yekugadzirisa.

  • Yakawedzera iyo --threads=N parameter kune yekunze-kwe-muti pew test command, iyo inogona kushandiswa kududzira nhamba yeshinda umo kuvaka/kumhanyisa uye kuyedza maexploits uye kernel module.

  • Iko kugona kuseta tag inozorekodhwa mulogi uye inogona kushandiswa kuverenga nhamba.

  • Yakawedzera kugona kutsanangura iyo kernel vhezheni pasina kushandisa yakajairika mataurirwo.

  • Mutsva wepakeji murairo, unoshandiswa kuyedza kuwanda kwezvishandiso uye kernel module mune subdirectories.

  • Muchigadziro (.out-of-tree.toml) chekushandisa uye kernel module, kukwanisa kuvhara KASLR, SMEP, SMAP uye KPTI kwakawedzerwa, pamwe nekutsanangura nhamba inodiwa yemacores uye chiyeuchidzo.

  • Iye zvino mifananidzo (midzi) inotakurwa otomatiki apo kernel autogen iri kushanda. bootstrap haichadiwi.

  • Tsigiro yeCentOS kernels.

Shanduko

  • Iye zvino, kana pasina mufananidzo (rootfs) yeshanduro inodiwa yekugovera, kunze kwemuti kuchaedza kushandisa mufananidzo weiyo yepedyo shanduro. Semuenzaniso, Ubuntu 18.04 mufananidzo weUbuntu 18.10.

  • Ikozvino bvunzo dze kernel module haizotariswe kukundikana kana isipo (hapana bvunzo - hapana zvikanganiso!).

  • Ikozvino kunze-kwemuti kunodzosera yakaipa kodhi kodhi kana imwe nhanho (kuvaka, kuvhura kana kuyedza) pane chero macores akatadza.

  • Chirongwa ichi chachinja kushandisa Go modules, kuvaka neGO111MODULE=on kwava kuda.

  • Yakawedzera bvunzo dzekutanga.

  • Test.sh yava kushandiswa nemazuva ese kana gungano re${TARGET}_test risina kuitwa muMakefile.

  • Iyo kernel log haisisina kucheneswa isati yamhanyisa kernel module kana kushandisa. Zvimwe zvekushandisa zvinoshandisa kernel base leak mu dmesg kunzvenga KASLR, saka kuchenesa kunogona kutyora hunhu hwekushandisa.

  • qemu/kvm ikozvino inoshandisa zvese zvinogoneka zvemugadziri processor.

Yakabviswa

  • Kernel Factory yakabviswa zvachose nekuda kwekushandiswa kwekernel chizvarwa chakavakirwa pane yakawedzera yakagadziridzwa Dockerfiles.

  • bootstrap haiite chimwe chinhu. Murairo uchabviswa mukuburitswa kunotevera.

Yakagadziriswa

  • Pa macOS, GNU coreutils haichadiwi kumhanya.

  • Mafaira enguva pfupi akatamiswa kuenda ku ~/.out-of-tree/tmp/ nekuda kwekukwira kwezvikanganiso mukati me docker pane mamwe masisitimu.

Source: linux.org.ru

Voeg