Linus Torvalds
Haeba mohlaseli a finyella ts'ebetso ea khoutu ka litokelo tsa metso, a ka phethahatsa khoutu ea hae boemong ba kernel, mohlala, ka ho fetola kernel ho sebelisa kexec kapa ho bala / ho ngola mohopolo ka /dev/kmem. Liphello tse hlakileng ka ho fetisisa tsa ts'ebetso e joalo e ka ba
Qalong, mesebetsi ea thibelo ea metso e ile ea ntlafatsoa molemong oa ho matlafatsa ts'ireletso ea boot e netefalitsoeng, 'me liphatlalatso li ntse li sebelisa li-patches tsa motho oa boraro ho thibela ho feta ha UEFI Secure Boot ka nako e telele. Ka nako e ts'oanang, lithibelo tse joalo li ne li sa kenyelletsoa sebopeho se seholo sa kernel ka lebaka la
Mokhoa oa Lockdown o thibela phihlello ho /dev/mem, /dev/kmem, /dev/port, /proc/kcore, debugfs, kprobes debug mode, mmiotrace, tracefs, BPF, PCMCIA CIS (Sebopeho sa Boitsebiso ba Karete), li-interfaces tse ling tsa ACPI le CPU. Ngoliso ea MSR, kexec_file le mehala ea kexec_load e koetsoe, mokhoa oa ho robala o thibetsoe, tšebeliso ea DMA bakeng sa lisebelisoa tsa PCI e lekanyelitsoe, ho kenngoa ha khoutu ea ACPI ho tsoa ho mefuta ea EFI ho thibetsoe,
Ho qhekella ka likou tsa I/O ha ho lumelloe, ho kenyelletsa ho fetola nomoro ea tšitiso le boema-kepe ba I/O bakeng sa boema-kepe ba serial.
Ka nako e sa lekanyetsoang, mochine oa ho koala ha o sebetse, o hahiloe ha khetho ea SECURITY_LOCKDOWN_LSM e hlalositsoe ho kconfig mme e kenngoa ka kernel parameter "lockdown =", faele ea taolo "/sys/kernel/security/lockdown" kapa likhetho tsa kopano.
Ho bohlokoa ho hlokomela hore Lockdown e fokotsa feela phihlello e tloaelehileng ea kernel, empa ha e sireletse khahlano le liphetoho ka lebaka la tšebeliso ea bofokoli. Ho thibela liphetoho ho kernel e sebetsang ha ts'ebetso e sebelisoa ke morero oa Openwall
Source: opennet.ru