U-Andrey Konovalov wakwa-Google indlela yokukhubaza ukude ukuvikela okunikezwa kuphakheji ye-Linux kernel ehanjiswe no-Ubuntu (amasu aphakanyiswe ngokombono sebenza ne-kernel ye-Fedora nokunye ukusatshalaliswa, kepha azihlolwa).
I-Lockdown ikhawulela ukufinyelela komsebenzisi ku-kernel futhi ivimba izindlela zokudlula ze-UEFI Secure Boot. Isibonelo, kwimodi yokukhiya, ukufinyelela ku-/dev/mem, /dev/kmem, /dev/port, /proc/kcore, debugfs, kprobes mode debugging, mmiotrace, tracefs, BPF, PCMCIA CIS (Isakhiwo Solwazi Lwekhadi), okunye I-interface ikhawulelwe i-ACPI kanye namarejista e-MSR e-CPU, amakholi aya ku-kexec_file kanye ne-kexec_load avinjelwe, imodi yokulala ayivunyelwe, ukusetshenziswa kwe-DMA kumadivayisi we-PCI kunqunyelwe, ukungeniswa kwekhodi ye-ACPI kusuka kokuguquguqukayo kwe-EFI akuvunyelwe, ukukhohlisa ngezimbobo ze-I/O akuvunyelwe. okuvunyelwe, okuhlanganisa ukushintsha inombolo yokuphazamiseka kanye nembobo ye-I/O yembobo yomkhiqizo.
Indlela ye-Lockdown isanda kwengezwa ku-Linux kernel enkulu , kodwa kuma-kernels ahlinzekwe ekusatshalalisweni kusasetshenziswa ngendlela yamapeshi noma kulekelelwa ngeziqephu. Omunye umehluko phakathi kwezengezo ezinikezwe kumakhithi okusabalalisa kanye nokusetshenziswa okwakhelwe ku-kernel yikhono lokukhubaza ukukhiya okunikeziwe uma unokufinyelela ngokomzimba ohlelweni.
Ku-Ubuntu ne-Fedora, inhlanganisela yokhiye i-Alt+SysRq+X inikezwa ukukhubaza i-Lockdown. Kuyaqondakala ukuthi inhlanganisela Alt+SysRq+X ingasetshenziswa kuphela ngokufinyelela ngokomzimba kudivayisi, futhi esimweni sokugebenga okukude nokuthola ukufinyelela kwezimpande, umhlaseli ngeke akwazi ukukhubaza i-Lockdown futhi, isibonelo, ukulayisha imojula ene-rootkit engasayinwanga ngokwedijithali ku-kernel.
U-Andrey Konovalov ubonise ukuthi izindlela ezisuselwe kukhibhodi zokuqinisekisa ubukhona bokusebenza bomsebenzisi azisebenzi. Indlela elula yokukhubaza i-Lockdown kungaba ukwenza ngokohlelo ucindezela u-Alt+SysRq+X nge/dev/uinput, kodwa le nketho ivinjiwe ekuqaleni. Ngesikhathi esifanayo, kwakungenzeka ukuhlonza okungenani izindlela ezimbili ezengeziwe zokufaka esikhundleni i-Alt+SysRq+X.
Indlela yokuqala ibandakanya ukusebenzisa isixhumi esibonakalayo “sysrq-trigger” - ukuyifanisa, vele uvule lesi sikhombimsebenzisi ngokubhala “1” kuya ku/proc/sys/kernel/sysrq, bese ubhala “x” ku-/proc/sysrq-trigger. Kusho i-loophole ku-December Ubuntu kernel update naku-Fedora 31. Kuyaphawuleka ukuthi abathuthukisi, njengasendabeni ye-/dev/uinput, ekuqaleni vimba le ndlela, kodwa ukuvimba akusebenzanga ngenxa ngekhodi.
Indlela yesibili ibandakanya ukulingisa ikhibhodi nge bese ithumela ukulandelana kwe-Alt+SysRq+X kusuka kukhibhodi ebonakalayo. I-USB/IP kernel ehanjiswe no-Ubuntu inikwe amandla ngokuzenzakalela (CONFIG_USBIP_VHCI_HCD=m kanye ne-CONFIG_USBIP_CORE=m) futhi ihlinzeka ngamamojula we-usbip_core kanye ne-vhci_hcd adingekayo ukuze asebenze. Umhlaseli angakwazi idivayisi ye-USB ebonakalayo, isibambi senethiwekhi kusixhumi esibonakalayo se-loopback futhi siyixhume njengedivayisi ye-USB ekude kusetshenziswa i-USB/IP. Mayelana nendlela eshiwo kubathuthukisi be-Ubuntu, kodwa ukulungiswa akukakakhululwa.
Source: opennet.ru