Sasha Levin of NVIDIA, who maintains the LTS branches of the Linux kernel and serves on the Linux Foundation's advisory board, has prepared a set of patches implementing a killswitch mechanism for the Linux kernel. The proposed feature allows a specific kernel function to be disabled immediately. The killswitch is intended to help temporarily block vulnerabilities until a kernel update containing the fix is installed.
The killswitch is controlled through the file "/sys/kernel/security/killswitch/control", which lets you configure blocking of calls to kernel functions by name. For example, to block the Copy Fail vulnerability, simply add the command "engage af_alg_sendmsg -1" to the control file; this blocks calls to the af_alg_sendmsg function and returns the error code "-1" instead.
Any symbol supported by the kprobes subsystem can be used as a name. Most of the serious kernel issues found recently are in subsystems used by a small number of users (e.g., AF_ALG, ksmbd, nf_tables, vsock, ax25). For many users, the inconvenience of losing some functionality is not a good enough reason to keep running a kernel with a known, unpatched vulnerability until a patch is installed. The killswitch mechanism is especially relevant in the context of the current Dirty Frag vulnerability, for which an exploit was published before the issue was fixed in the kernel.
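The following shell helper is an added example, not code from the patch set: it validates a function name before writing the "engage" command described above to the control file. The control path and command syntax come from the article; the pre-checks against /proc/kallsyms and the kprobes blacklist in debugfs, and all `ks_*` function names, are assumptions of this example.

```shell
#!/bin/sh
# Added example: validate a function name, then engage the killswitch for it.
# Paths can be overridden, so the logic can be tried on constructed files.
KS_CONTROL="${KS_CONTROL:-/sys/kernel/security/killswitch/control}"
KALLSYMS="${KALLSYMS:-/proc/kallsyms}"
# Assumption: debugfs is mounted; kprobes lists unprobeable symbols here.
KP_BLACKLIST="${KP_BLACKLIST:-/sys/kernel/debug/kprobes/blacklist}"

# Print the control-file command for function $1 and return value $2.
ks_build_command() {
    case "$1" in ''|*[!A-Za-z0-9_.]*) echo "bad symbol: $1" >&2; return 2 ;; esac
    n=${2#-}   # allow one leading minus sign, then digits only
    case "$n" in ''|*[!0-9]*) echo "bad return value: $2" >&2; return 2 ;; esac
    printf 'engage %s %s\n' "$1" "$2"
}

# Succeed if $1 is a text (code) symbol in the kallsyms-format file.
ks_symbol_exists() {
    awk -v s="$1" '($2 == "t" || $2 == "T") && $3 == s { found = 1 }
                   END { exit !found }' "$KALLSYMS"
}

# Succeed if $1 appears in the kprobes blacklist ("<range> <symbol>" lines).
ks_symbol_blacklisted() {
    [ -r "$KP_BLACKLIST" ] || return 1
    awk -v s="$1" '$2 == s { hit = 1 } END { exit !hit }' "$KP_BLACKLIST"
}

# Engage the killswitch: ks_engage <function> <return-value>
ks_engage() {
    cmd=$(ks_build_command "$1" "$2") || return 2
    ks_symbol_exists "$1" || { echo "no such function: $1" >&2; return 3; }
    if ks_symbol_blacklisted "$1"; then
        echo "kprobes cannot attach to: $1" >&2; return 4
    fi
    printf '%s\n' "$cmd" > "$KS_CONTROL" || return 5
    echo "engaged: $cmd"
}

# Usage on a kernel carrying the proposed patches, as root:
#   ks_engage af_alg_sendmsg -1
```

Functions of a module that is not currently loaded do not appear in /proc/kallsyms, so the existence check reports them as missing.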
Source: opennet.ru
