UAndrey Konovalov ovela kuGoogle
Utshixo lunqanda ufikelelo lomsebenzisi kwikernel kwaye luvalela i-UEFI Khusela iindlela zokuQalisa ukugqitha. Umzekelo, kwindlela yokutshixa, ukufikelela kwi/dev/mem, /dev/kmem, /dev/port, /proc/kcore, debugfs, kprobes debugging mode, mmiotrace, tracefs, BPF, PCMCIA CIS (Ulwakhiwo loLwazi lweKhadi), ezinye ujongano lunqunyelwe i-ACPI kunye neerejista ze-MSR ze-CPU, iifowuni kwi-kexec_file kunye ne-kexec_load zivaliwe, imo yokulala ayivumelekanga, ukusetyenziswa kwe-DMA yezixhobo ze-PCI kulinganiselwe, ukungeniswa kwekhowudi ye-ACPI ukusuka kwii-variables ze-EFI akuvumelekanga, ukuguqulwa nge-I / O izibuko azikho. kuvunyelwe, kuquka ukutshintsha inani lophazamiseko kunye ne I/O izibuko lezibuko lothotho.
Indlela yokutshixa isandula kongezwa kwi-Linux kernel engundoqo
Ku-Ubuntu kunye ne-Fedora, indibaniselwano engundoqo i-Alt+SysRq+X inikezelwe ukukhubaza i-Lockdown. Kuyaqondwa ukuba indibaniselwano Alt+SysRq+X ingasetyenziswa kuphela ngokufikelela ngokwasemzimbeni kwisixhobo, kwaye kwimeko yokuqhekezwa kude kunye nokufumana ufikelelo lweengcambu, umhlaseli akazukwazi ukuvala i-Lockdown kwaye, umzekelo, ukulayisha i-Lockdown. Imodyuli enerootkit engasayinwanga ngokwedijithali kwikernel.
U-Andrey Konovalov ubonise ukuba iindlela ezisekwe kwikhibhodi zokuqinisekisa ubukho bomsebenzisi bomzimba azisebenzi. Eyona ndlela ilula yokukhubaza i-Lockdown inokuba kukucwangciswa
Indlela yokuqala ibandakanya ukusebenzisa ujongano lwe "sysrq-trigger" - ukuyilinganisa, vumela olu jongano ngokubhala "1" ukuya /proc/sys/kernel/sysrq, kwaye emva koko ubhale "x" ku /proc/sysrq-trigger. Wathi loophole
Indlela yesibini ibandakanya ukulinganisa kwekhibhodi nge
umthombo: opennet.ru