I-ProHoster > Π‘Π»ΠΎΠ³ > izindaba ze-inthanethi > out-of-tree v1.0.0 - amathuluzi okuthuthukisa kanye nokuhlola ukuxhashazwa kanye namamojula we-Linux kernel

out-of-tree v1.0.0 - amathuluzi okuthuthukisa kanye nokuhlola ukuxhashazwa kanye namamojula we-Linux kernel


out-of-tree v1.0.0 - amathuluzi okuthuthukisa kanye nokuhlola ukuxhashazwa kanye namamojula we-Linux kernel

Inguqulo yokuqala (v1.0.0) ye-out-of-tree, ikhithi yamathuluzi yokuthuthukisa nokuhlola imisebenzi namamojula we-Linux kernel, yakhululwa.

ukuphuma kwesihlahla kukuvumela ukuthi wenze ngokuzenzakalelayo ezinye izenzo zenjwayelo ukuze udale izindawo zokulungisa amamojula we-kernel nokuxhashazwa, ukhiqize izibalo zokwethenjelwa kokuxhashazwa, futhi kunikeze amandla okuhlanganisa kalula ku-CI (Ukuhlanganisa Okuqhubekayo).

Imojula ngayinye ye-kernel noma i-exploit ichazwa ifayela elithi .out-of-tree.toml, elicacisa ulwazi mayelana nendawo edingekayo kanye (uma kuwukuxhashazwa) imikhawulo ekusebenzeni phambi kokunciphisa okuthile kokuvikeleka.

Ikhithi yamathuluzi iphinde ikuvumela ukuthi ukhombe izinguqulo ezithile ze-kernel ezithintwa ubungozi (usebenzisa --guess umyalo), futhi ingasetshenziswa ukwenza lula ukusesha kanambambili kokuzibophezela okuthile.

Ngezansi kunohlu lwezinguquko kusukela kunguqulo ye-v0.2.

Kungeziwe

  • Kusetshenziswe ikhono lokukhawulela inani lama-kernel autogen akhiqiziwe (out-of-tree kernel autogen) (ngokusekelwe encazelweni ethi .out-of-tree.toml) kanye nokuhlola ukugijima (isihlalo esingaphandle kwesihlahla) kusetshenziswa i-β€”max= X ipharamitha.

  • Umyalo omusha we-genall, okuvumela ukuthi ukhiqize zonke izinhlamvu zokusabalalisa nenguqulo ethile.

  • Wonke amalogi manje agcinwe kusizindalwazi se-sqlite3. Imiyalo esetshenzisiwe yemibuzo elula edingeka njalo, kanye nokuthekelisa idatha ku-json kanye nokumaka.

  • Izibalo ezisetshenzisiwe zamathuba okusebenza ngempumelelo (okusekelwe ekuqalisweni kwangaphambilini).

  • Ikhono lokulondoloza imiphumela yokwakha (ipharamitha entsha --dist yomyalelo wokuhlala ngaphandle kwesihlahla)

  • Usekelo lokukhiqiza imethadatha yama-kernels afakwe kusistimu yokusingatha, kanye nokwakha ngqo kumsingathi.

  • Usekelo lwezinhlamvu zenkampani yangaphandle.

  • Indawo yokususa iphutha engaphandle kwesihlahla manje isesha ngokuzenzakalela izimpawu zokususa iphutha ohlelweni lomsingathi.

  • Kwengezwe amandla okuphatha ukuncishiswa kokuvikeleka ngokuvumela/khubaza amafulegi i-KASLR, i-SMEP, i-SMAP ne-KPTI phakathi nokulungisa iphutha.

  • Kwengezwe ipharamitha --threads=N kumyalo wokuhlola isihlalo esingaphandle kwesihlahla, esingasetshenziswa ukucacisa inani lemicu lapho kwakhiwe/kuqhutshwa futhi kuhlolwe izinto ezisetshenziswayo kanye namamojula we-kernel.

  • Ikhono lokusetha umaka ozorekhodwa kulogi futhi angasetshenziswa ukubala izibalo.

  • Kwengezwe ikhono lokucacisa inguqulo ye-kernel ngaphandle kokusebenzisa izinkulumo ezivamile.

  • Umyalo wephakethe elisha, elisetshenziselwa ukuhlolwa kobuningi bokuxhaphaza kanye namamojula we-kernel kuma-subdirectories.

  • Ekucushweni (.out-of-tree.toml) kwemojuli ye-exploit ne-kernel, amandla okukhubaza i-KASLR, i-SMEP, i-SMAP ne-KPTI yengeziwe, futhi kucaciswe inombolo edingekayo yama-cores nenkumbulo.

  • Manje izithombe (ama-rootfs) zilayishwa ngokuzenzakalelayo ngenkathi i-kernel autogen isebenza. i-bootstrap ayisadingeki.

  • Ukusekelwa kwama-kernel e-CentOS.

Izinguquko

  • Manje, uma singekho isithombe (rootfs) senguqulo edingekayo yokusabalalisa, ngaphandle kwesihlahla kuzozama ukusebenzisa isithombe senguqulo eseduze. Isibonelo, isithombe se-Ubuntu 18.04 se-Ubuntu 18.10.

  • Manje ukuhlolwa kwamamojula e-kernel ngeke kubhekwe njengokuhluleka uma engekho (akukho kuhlola - awekho amaphutha!).

  • Manje okungaphandle kwesihlahla kuzobuyisela ikhodi yephutha engalungile uma okungenani isigaba esisodwa (ukwakha, ukuqaliswa noma ukuhlola) kunoma iyiphi i-cores yehlulekile.

  • Iphrojekthi isishintshele ekusebenziseni amamojula we-Go, ukwakha nge-GO111MODULE=kuvuliwe manje kuyakhethwa.

  • Kwengezwe izivivinyo ezizenzakalelayo.

  • Manje i-Test.sh izosetshenziswa ngokuzenzakalela uma ukuhlanganisa ku-${TARGET}_test kungenziwanga ku-Makefile.

  • Ilogi ye-kernel ayisasulwa ngaphambi kokusebenzisa imojuli ye-kernel noma i-exploit. Okunye ukuphumelela kusebenzisa ukuvuza kwe-kernel base ku-dmesg ukuze kudlule i-KASLR, ngakho-ke ukuhlanza kungase kwephule ingqondo esetshenzisiwe yokuxhaphaza.

  • I-qemu/kvm manje isebenzisa wonke amakhono omcubungula womsingathi.

Kususiwe

  • I-Kernel Factory isuswe ngokuphelele ngenxa yokuqaliswa kokukhiqizwa kwe-kernel okusekelwe kuma-Dockerfiles avuselelwe ngokuqhubekayo.

  • I-bootstrap ayenzi lutho olunye. Umyalo uzokhishwa ekukhishweni okulandelayo.

Kulungisiwe

  • Ku-macOS, i-GNU coreutils ayisadingeki ukuthi isebenze.

  • Amafayela esikhashana ahanjiswe kokuthi ~/.out-of-tree/tmp/ ngenxa yamaphutha akhulayo ngaphakathi kwedokha kwamanye amasistimu.

Source: linux.org.ru

Engeza amazwana