The first release (v1.0.0) of out-of-tree, a toolkit for developing and testing exploits and Linux kernel modules, has been published.
out-of-tree automates some routine actions for creating environments for debugging kernel modules and exploits, generates exploit reliability statistics, and makes it easy to integrate into CI (Continuous Integration).
Each kernel module or exploit is described by a .out-of-tree.toml file, which specifies the required environment and (for an exploit) the restrictions on its operation in the presence of certain security mitigations.
The toolkit also lets you identify the specific kernel versions affected by a vulnerability (using the --guess command), and can be used to simplify a binary search for a specific commit.
Below is the list of changes since version v0.2.
Added
- Implemented the ability to limit the number of generated kernels (out-of-tree kernel autogen) (based on the .out-of-tree.toml description) and of test runs (out-of-tree pew) using the --max=X parameter.
- New genall command, which generates all kernels for a given distribution and version.
- All logs are now stored in an sqlite3 database. Implemented commands for simple, frequently needed queries, as well as data export to json and markdown.
- Implemented calculation of the probability of successful operation (based on previous runs).
- Ability to save build results (new --dist parameter for the out-of-tree pew command).
- Support for generating metadata for kernels installed on the host system, and for building directly on the host.
- Support for third-party kernels.
- The out-of-tree debug environment now automatically searches for debug symbols on the host system.
- Added the ability to control security mitigations by enabling/disabling the KASLR, SMEP, SMAP and KPTI flags during debugging.
- Added the --threads=N parameter to the out-of-tree pew command, which can be used to specify the number of threads used when building, running and testing exploits and kernel modules.
- Ability to set a tag that will be recorded in the log and can be used for calculating statistics.
- Added the ability to specify a kernel version without using regular expressions.
- New pack command, used for mass testing of exploits and kernel modules in subdirectories.
- In the configuration (.out-of-tree.toml) of an exploit or kernel module, the ability to disable KASLR, SMEP, SMAP and KPTI has been added, as well as to specify the required number of cores and amount of memory.
- Images (rootfs) are now downloaded automatically while kernel autogen runs. bootstrap is no longer needed.
- Support for CentOS kernels.
Changes
- Now, if there is no image (rootfs) for the required distribution version, out-of-tree will try to use the image of the closest version. For example, the Ubuntu 18.04 image for Ubuntu 18.10.
- Now the tests of a kernel module are not considered failed if they are absent (no tests - no errors!).
- Now out-of-tree returns a negative error code if at least one stage (build, run or test) has failed on any of the kernels.
- The project has switched to Go modules; building with GO111MODULE=on is now preferred.
- Added automated tests.
- Now Test.sh is used by default if building into ${TARGET}_test is not implemented in the Makefile.
- The kernel log is no longer cleared before running a kernel module or exploit. Some exploits use a kernel base leak in dmesg to bypass KASLR, so clearing the log could break the exploit's logic.
- qemu/kvm now uses all the capabilities of the host processor.
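A defender's view of the kernel log item in the list above, as an added example that is not part of out-of-tree or of the original announcement: an audit that checks the two sysctls limiting kernel log and pointer exposure and flags kernel-half addresses left in a log. The sample log, the function names and the x86_64 address pattern are assumptions made for illustration.

```python
import re

# Assumption: x86_64, where kernel-half virtual addresses start with ffff.
KPTR = re.compile(r"\b(?:0x)?(ffff[0-9a-f]{12})\b", re.IGNORECASE)

# Constructed sample of `dmesg` output; example_drv is a hypothetical driver.
SAMPLE_DMESG = """\
[    0.000000] Linux version 4.15.0-20-generic (constructed sample)
[    1.234567] example_drv: registered ops at ffffffff81a2b3c0
[    2.000000] example_drv: buffer at (____ptrval____)
[    3.100000] usb 1-1: new high-speed USB device number 2
"""

def find_kernel_pointers(dmesg_text):
    """Return (line_number, address) for every kernel-half address in the log."""
    hits = []
    for no, line in enumerate(dmesg_text.splitlines(), 1):
        for m in KPTR.finditer(line):
            addr = int(m.group(1), 16)
            if addr != 0xFFFFFFFFFFFFFFFF:  # all-ones is usually -1, not a pointer
                hits.append((no, addr))
    return hits

def read_sysctl(name, root="/proc/sys"):
    """Read an integer sysctl such as kernel.dmesg_restrict; None if unreadable."""
    try:
        with open(f"{root}/{name.replace('.', '/')}") as f:
            return int(f.read().strip())
    except (OSError, ValueError):
        return None

def audit(dmesg_text, dmesg_restrict, kptr_restrict):
    """List findings about kernel log exposure for the given log and sysctl values."""
    findings = []
    if dmesg_restrict != 1:
        findings.append("kernel.dmesg_restrict is not 1: unprivileged users may read dmesg")
    if kptr_restrict not in (1, 2):
        findings.append("kernel.kptr_restrict is not 1 or 2: %pK pointers may be unmasked")
    for no, addr in find_kernel_pointers(dmesg_text):
        findings.append(f"line {no}: kernel address {addr:#x} in log")
    return findings

if __name__ == "__main__":
    # Audits the constructed sample against this host's live sysctl values.
    live = audit(SAMPLE_DMESG, read_sysctl("kernel.dmesg_restrict"),
                 read_sysctl("kernel.kptr_restrict"))
    print("\n".join(live) or "no findings")
```

A leaked address is still reported when both sysctls are set, because the log remains readable by privileged users and by anything that ships it elsewhere.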
Removed
- Kernel Factory has been removed entirely in favor of kernel generation based on incrementally updated Dockerfiles.
- bootstrap no longer does anything. The command will be removed in the next release.
Fixed
- On macOS, GNU coreutils is no longer required to run.
- Temporary files have been moved to ~/.out-of-tree/tmp/ because of mount errors inside docker on some systems.
Source: linux.org.ru