Linus Torvalds
Haddii weeraryahanku ku guuleysto fulinta code ee xuquuqda xididka, wuxuu ku fulin karaa koodkiisa heerka kernel, tusaale ahaan, isagoo bedelaya kernelka isagoo isticmaalaya kexec ama akhrinta/qorista xusuusta /dev/kmem. Cawaaqibta ugu cad ee hawshan oo kale waxay noqon kartaa
Markii hore, shaqooyinka xaddidan ee xididka waxaa loo sameeyay iyadoo la eegayo xoojinta ilaalinta boot-ka la xaqiijiyay, qaybinta ayaa adeegsanaysay balastarro qolo saddexaad ah si ay u xannibto ka gudubka UEFI Secure Boot in muddo ah. Isla mar ahaantaana, xayiraadaha noocan oo kale ah laguma darin halabuurka ugu muhiimsan ee kernel sababtoo ah
Habka qufulku wuxuu xaddidaa gelitaanka / dev/mem, / dev/kmem, / dev/dekedda, /proc/kcore, debugfs, kprobes debug mode, mmiotrace, tracefs, BPF, PCMCIA CIS (qaabdhismeedka macluumaadka kaadhka), qaar ka mid ah is-dhexgalka ACPI iyo CPU Diiwaanada MSR, kexec_file iyo kexec_load wicitaanada waa la xannibay, qaabka hurdada waa mamnuuc, isticmaalka DMA ee aaladaha PCI waa xadidan yahay, soo dejinta koodka ACPI ee doorsoomayaasha EFI waa mamnuuc,
Wax-is-daba-marin lagu sameeyo dekedaha I/O lama oggola, oo ay ku jiraan beddelidda lambarka joojinta iyo dekedda I/O ee dekedda taxan.
Sida caadiga ah, moduleka xiritaanku ma shaqeynayo, waxaa la dhisay marka xulashada SECURITY_LOCKDOWN_LSM lagu cayimay kconfig waxaana lagu hawlgeliyaa iyada oo loo marayo cabbirka kernel "lockdown =", faylka xakamaynta "/ sys / kernel / security / lockdown" ama doorashooyinka shirarka
Waxaa muhiim ah in la ogaado in xannibaadda ay xaddidayso gelitaanka caadiga ah ee kernel-ka, laakiin kama ilaalinayso wax ka beddelka natiijada ka faa'iidaysiga dayacanka. Si loo joojiyo isbeddelada kernel-ka socda marka ka faa'iidaysiga loo isticmaalo mashruuca Openwall
Source: opennet.ru