Methods for Disabling Lockdown Protection in Ubuntu to Remotely Bypass UEFI Secure Boot

Andrey Konovalov of Google has published a method for remotely disabling the Lockdown protection offered in the Linux kernel package shipped with Ubuntu (in theory the proposed techniques should also work with the Fedora kernel and those of other distributions, but they have not been tested).

Lockdown restricts user access to the kernel and blocks paths for bypassing UEFI Secure Boot. For example, in lockdown mode, access to /dev/mem, /dev/kmem, /dev/port, /proc/kcore, debugfs, the kprobes debugging mode, mmiotrace, tracefs, BPF, PCMCIA CIS (Card Information Structure), some ACPI interfaces and the CPU MSR registers is restricted; the kexec_file and kexec_load calls are blocked; sleep mode is prohibited; the use of DMA for PCI devices is limited; importing ACPI code from EFI variables is prohibited; and manipulation of I/O ports is not allowed, including changing the interrupt number and the I/O port of a serial port.

The Lockdown mechanism was recently added to the mainline Linux kernel 5.4, but in the kernels supplied by distributions it is still implemented as patches or supplemented with patches. One of the differences between the add-ons provided in distributions and the implementation built into the kernel is the ability to disable the provided lockdown when you have physical access to the system.

In Ubuntu and Fedora, the key combination Alt+SysRq+X is provided for disabling Lockdown. The assumption is that Alt+SysRq+X can only be used with physical access to the device, so that in the case of a remote compromise that yields root access, the attacker will not be able to disable Lockdown and, for example, load a module containing a rootkit that is not digitally signed into the kernel.

Andrey Konovalov showed that keyboard-based methods of confirming a user's physical presence are ineffective. The simplest way to disable Lockdown would be to programmatically simulate pressing Alt+SysRq+X via /dev/uinput, but this option was blocked from the start. At the same time, it proved possible to identify at least two more ways of substituting Alt+SysRq+X.

The first method uses the "sysrq-trigger" interface: to simulate the key press, enable this interface by writing "1" to /proc/sys/kernel/sysrq, and then write "x" to /proc/sysrq-trigger. This loophole was closed in the December Ubuntu kernel update and in Fedora 31. It is noteworthy that the developers, as in the case of /dev/uinput, initially tried to block this method, but the blocking did not work because of errors in the code.

The second method involves emulating a keyboard via USB/IP and then sending the Alt+SysRq+X sequence from the virtual keyboard. USB/IP is enabled by default in the kernel shipped with Ubuntu (CONFIG_USBIP_VHCI_HCD=m and CONFIG_USBIP_CORE=m), which provides the digitally signed usbip_core and vhci_hcd modules required for it to work. An attacker can create a virtual USB device by starting a network handler on the loopback interface and connecting it as a remote USB device using USB/IP. This method has been reported to the Ubuntu developers, but a fix has not yet been released.
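
A defender-side check of the settings named above, as an added example (not code from the article or from Konovalov): it reports the active lockdown mode, whether the usbip_core and vhci_hcd modules are loaded, and the kernel.sysrq value. It assumes the kernel exposes the mainline /sys/kernel/security/lockdown file; the function names and the OK/REVIEW labels are illustrative.

```shell
#!/bin/sh
# Added example (not from the article): report the settings tied to the two
# Lockdown bypasses. Paths default to the live system; pass other files to
# run it on constructed input.

# Print the active mode, i.e. the bracketed word in a line such as
# "none [integrity] confidentiality" (mainline 5.4+ interface, assumed here).
lockdown_mode() {
    f=${1:-/sys/kernel/security/lockdown}
    mode=
    [ -r "$f" ] && mode=$(sed -n 's/.*\[\([a-z]*\)\].*/\1/p' "$f" | head -n 1)
    echo "${mode:-unknown}"
}

# Succeed if module $1 is listed in a /proc/modules-style file $2.
module_loaded() {
    grep -q "^$1 " "${2:-/proc/modules}" 2>/dev/null
}

# Print one OK/REVIEW line per check.
audit_lockdown_exposure() {
    lockdown_file=${1:-/sys/kernel/security/lockdown}
    modules_file=${2:-/proc/modules}
    sysrq_file=${3:-/proc/sys/kernel/sysrq}

    mode=$(lockdown_mode "$lockdown_file")
    case $mode in
        integrity|confidentiality) echo "OK lockdown=$mode" ;;
        *) echo "REVIEW lockdown=$mode (not enforced, or interface missing)" ;;
    esac

    # The USB/IP path needs both modules named in the article.
    for m in usbip_core vhci_hcd; do
        if module_loaded "$m" "$modules_file"; then
            echo "REVIEW module $m is loaded"
        fi
    done

    # 0 disables SysRq; any other value enables some or all SysRq functions.
    sysrq=$(cat "$sysrq_file" 2>/dev/null || echo unknown)
    [ "$sysrq" = 0 ] || echo "REVIEW kernel.sysrq=$sysrq"
}

audit_lockdown_exposure "$@"
```

A module that is not loaded now can still be loaded later by root, so the absence of a REVIEW line for the modules describes the current state only.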

Source: opennet.ru
