Andrey Konovalov of Google
Lockdown restricts user access to the kernel and blocks UEFI Secure Boot bypass paths. For example, in lockdown mode, access to /dev/mem, /dev/kmem, /dev/port, /proc/kcore, debugfs, kprobes debug mode, mmiotrace, tracefs, BPF, PCMCIA CIS (Card Information Structure), some ACPI interfaces and CPU MSR registers is restricted; calls to kexec_file and kexec_load are blocked; sleep mode is prohibited; DMA use for PCI devices is limited; importing ACPI code from EFI variables is prohibited; and manipulation of I/O ports is not allowed, including changing the interrupt number and I/O port for the serial port.
The Lockdown mechanism was recently added to the mainline Linux kernel
In Ubuntu and Fedora, the key combination Alt+SysRq+X is provided to disable Lockdown. The assumption is that Alt+SysRq+X can be used only with physical access to the device, and that in the case of a remote compromise with root access gained, the attacker will not be able to disable Lockdown and, for example, load a module with a rootkit that is not digitally signed into the kernel.
Andrey Konovalov showed that keyboard-based methods of confirming the user's physical presence are ineffective. The simplest way to disable Lockdown would be to programmatically
The first method involves using the "sysrq-trigger" interface: to simulate it, simply enable this interface by writing "1" to /proc/sys/kernel/sysrq, and then write "x" to /proc/sysrq-trigger. The said loophole
The second method involves emulating a keyboard via
Source: opennet.ru
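
A defender-side check related to the SysRq path described above, as an added example that is not part of the original article: it reports the active Lockdown mode and whether SysRq is enabled. It assumes the mainline securityfs file /sys/kernel/security/lockdown (not mentioned in the article; distribution-patched kernels may not expose it), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report the active Lockdown mode and the SysRq setting.
# Assumption: mainline securityfs file /sys/kernel/security/lockdown, whose
# content looks like "none [integrity] confidentiality" (active mode in brackets).

# Print the bracketed (active) mode, or "unknown" if the file is missing
# or contains no bracketed entry.
lockdown_mode() {
    file=${1:-/sys/kernel/security/lockdown}
    [ -r "$file" ] || { echo unknown; return 0; }
    mode=$(sed -n 's/.*\[\([a-z]*\)].*/\1/p' "$file" | head -n 1)
    echo "${mode:-unknown}"
}

# Print "disabled" when kernel.sysrq is 0, "enabled" for any other number.
sysrq_state() {
    file=${1:-/proc/sys/kernel/sysrq}
    [ -r "$file" ] || { echo unknown; return 0; }
    value=$(tr -d ' \n' < "$file")
    case $value in
        ''|*[!0-9]*) echo unknown ;;
        0) echo disabled ;;
        *) echo enabled ;;
    esac
}

# Combine both readings into a single verdict line.
# Optional arguments override the two paths (used for offline testing).
audit_lockdown() {
    mode=$(lockdown_mode "$1")
    sysrq=$(sysrq_state "$2")
    case "$mode:$sysrq" in
        unknown:*) echo "UNKNOWN lockdown state not readable" ;;
        none:*)    echo "WARN lockdown is off (sysrq $sysrq)" ;;
        *:enabled) echo "WARN lockdown=$mode but sysrq is enabled" ;;
        *)         echo "OK lockdown=$mode sysrq=$sysrq" ;;
    esac
}

audit_lockdown "$@"
```

Because root can change kernel.sysrq at run time, the output is a snapshot of the current configuration and not proof that Lockdown cannot be lifted.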