ProHoster > Blog > litaba tsa inthanete > out-of-tree v1.0.0 - lisebelisoa tsa ho nts'etsapele le ho leka lisebelisoa le li-module tsa Linux kernel

out-of-tree v1.0.0 - lisebelisoa tsa ho nts'etsapele le ho leka lisebelisoa le li-module tsa Linux kernel


out-of-tree v1.0.0 - lisebelisoa tsa ho nts'etsapele le ho leka lisebelisoa le li-module tsa Linux kernel

Phetolelo ea pele (v1.0.0) ea ka ntle ho sefate, sephutheloana sa lisebelisoa bakeng sa ho ntlafatsa le ho hlahloba lisebelisoa le li-module tsa Linux kernel, li ile tsa lokolloa.

ka ntle ho sefate ho u lumella ho iketsetsa liketso tse ling tse tloaelehileng ho theha maemo a ho lokisa li-module tsa kernel le ho sebelisa, ho hlahisa lipalo-palo tsa ts'episo ea tšebeliso e mpe, hape e fana ka bokhoni ba ho kopanya habonolo ho CI (Continuous Integration).

Mojule o mong le o mong oa kernel kapa exploit e hlalosoa ke faele .out-of-tree.toml, e hlalosang tlhahisoleseding e mabapi le tikoloho e hlokahalang le (haeba e le ts'ebetsong) lithibelo tsa ts'ebetso ka pel'a ho fokotsa ts'ireletso e itseng.

Setsi sa lisebelisoa se boetse se u lumella ho tseba mefuta e itseng ea kernel e anngoeng ke tlokotsi (u sebelisa --guess command), hape e ka sebelisoa ho nolofatsa lipatlisiso tsa binary bakeng sa boitlamo bo itseng.

Ka tlase lethathamo la liphetoho ho tloha ho mofuta oa v0.2.

E kentsoe

  • E kentse tshebetsong bokgoni ba ho fokotsa palo ya tse hlahisitsweng (out-of-tree kernel autogen) (ho ipapisitse le tlhaloso e ho .out-of-tree.toml) le check runs (out-of-tree pew) sebelisa —max= X parameter.

  • Taelo e ncha ea genall, e u lumellang ho hlahisa lithollo tsohle bakeng sa kabo e itseng le mofuta.

  • Li-log tsohle li se li bolokiloe polokelong ea sqlite3. Litaelo tse sebelisitsoeng bakeng sa lipotso tse bonolo tse hlokahalang khafetsa, hammoho le ho romella data ho json le markdown.

  • Palo e kentsoeng ea monyetla oa ts'ebetso e atlehileng (e ipapisitseng le tse qalileng pele).

  • Bokhoni ba ho boloka liphetho tsa moaho (parameter e ncha ea --dist bakeng sa taelo ea pew e kantle ho sefate)

  • Ts'ehetso ea ho hlahisa metadata bakeng sa li-kernels tse kentsoeng tsamaisong ea baeti, hammoho le ho haha ​​​​ka ho toba ho moamoheli.

  • Tšehetso bakeng sa lithollo tsa motho oa boraro.

  • Tikoloho e ka ntle ea sefate ea ho lokisa bothata hona joale e batla ka bo eona matšoao a debugging ho sistimi e amohelang.

  • E ekelitse bokhoni ba ho laola phokotso ea ts'ireletso ka ho nolofalletsa / ho tima lifolakha KASLR, SMEP, SMAP le KPTI nakong ea ho lokisa liphoso.

  • E kentse --threads=N paramethara ho taelo ea tlhahlobo ea pew e kantle ho sefate, e ka sebelisoang ho hlakisa palo ea likhoele tseo ho tsona ho ka hahoang/ho tsamaisoang le ho lekola lisebelisoa le likarolo tsa kernel.

  • Bokhoni ba ho beha tag e tla ngoloa ho log ebe e ka sebelisoa ho bala lipalo-palo.

  • E kentse bokhoni ba ho hlakisa mofuta oa kernel ntle le ho sebelisa mantsoe a tloaelehileng.

  • Taelo e ncha ea pakete, e sebelisetsoang liteko tse ngata tsa exploits le kernel modules subdirectories.

  • Ho tlhophiso (.out-of-tree.toml) bakeng sa mojule oa exploit le kernel, bokhoni ba ho tima KASLR, SMEP, SMAP le KPTI bo kentsoe, hammoho le ho hlakisa palo e hlokahalang ea li-cores le memori.

  • Hona joale litšoantšo (rootfs) li jarolloa ka bo eona ha kernel autogen e ntse e sebetsa. bootstrap ha e sa hlokahala.

  • Ts'ehetso bakeng sa lithollo tsa CentOS.

Liphetoho

  • Hona joale, haeba ho se na setšoantšo (rootfs) bakeng sa phetolelo e hlokahalang ea kabo, ka ntle ho sefate e tla leka ho sebelisa setšoantšo sa phetolelo e haufi-ufi. Mohlala, setšoantšo sa Ubuntu 18.04 bakeng sa Ubuntu 18.10.

  • Hona joale liteko tsa li-module tsa kernel li ke ke tsa nkoa e le ho hlōleha haeba li le sieo (ha ho na liteko - ha ho liphoso!).

  • Hona joale ka ntle ho sefate ho tla khutlisa khoutu ea phoso e fosahetseng haeba bonyane mohato o le mong (ho haha, ho qala kapa ho hlahloba) ho li-cores leha e le life li hlōlehile.

  • Morero o fetohetse ho sebelisa li-module tsa Go, ho aha ka GO111MODULE=on hona joale ho ratoa.

  • E kentse liteko tsa kamehla.

  • Hona joale Test.sh e tla sebelisoa ka ho sa feleng haeba kopano e ${TARGET}_test e sa kengoa tšebetsong ho Makefile.

  • Lenane la kernel ha le sa hlakisoa pele le sebelisa kernel module kapa exploit. Tse ling tsa litlatsetso li sebelisa kernel base leak ho dmesg ho feta KASLR, kahoo ho hloekisa ho ka senya mohopolo o sebelisitsoeng.

  • qemu/kvm joale e sebelisa bokhoni bohle ba processor ea moamoheli.

E tlositsoe

  • Feme ea Kernel e tlositsoe ka botlalo ka lebaka la ts'ebetsong ea tlhahiso ea kernel e ipapisitseng le li-Dockerfiles tse ntlafalitsoeng haholo.

  • bootstrap ha e etse letho le leng. Taelo e tla tlosoa tokollong e latelang.

Lokisitsoe

  • Ho macOS, GNU coreutils ha e sa hlokahala hore e sebetse.

  • Lifaele tsa nakoana li fetiselitsoe ho ~/.out-of-tree/tmp/ ka lebaka la liphoso tse ntseng li eketseha ka har'a docker ho litsamaiso tse ling.

Source: linux.org.ru

Eketsa ka tlhaloso