Sasha Levin of NVIDIA, who maintains the LTS branches of the Linux kernel and is a member of the Linux Foundation's advisory board, has prepared a set of patches implementing a killswitch mechanism for the Linux kernel. The proposed feature makes it possible to quickly disable access to specific functionality in a running kernel. Killswitch is expected to be useful for temporarily blocking vulnerabilities until a kernel update containing the fix is installed.
Killswitch is controlled through the file "/sys/kernel/security/killswitch/control", which lets you configure the blocking of calls to kernel functions by name. For example, to block the Copy Fail vulnerability, simply add the command "engage af_alg_sendmsg -1" to the control file; this enables blocking of calls to the af_alg_sendmsg function and returns the error code "-1" instead.
Any symbol supported by the kprobes subsystem can be used as a name. Most of the major kernel vulnerabilities found recently are in subsystems used by a small number of users (e.g., AF_ALG, ksmbd, nf_tables, vsock, ax25). For most users, the inconvenience of losing some functionality is minor compared with the risk of running a kernel with a known, unpatched vulnerability until a patch is installed. The killswitch mechanism is especially relevant in the context of the current Dirty Frag vulnerability, for which an exploit was published before the problem was fixed in the kernel.
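A guarded way to issue the "engage" command described above, as an added example that is not part of the patch set or the original article. The function names `ks_check` and `ks_engage` and the `KS_*` override variables are hypothetical; the checks against `/proc/kallsyms` and the kprobes blacklist in debugfs are pre-checks assumed here to approximate "supported by kprobes", and the kernel remains the final authority on what it accepts.

```shell
#!/bin/sh
# Added example: validate, then write an "engage" command to the killswitch control file.
# Paths are overridable (assumption) so the logic can be exercised without a patched kernel.
KS_CONTROL="${KS_CONTROL:-/sys/kernel/security/killswitch/control}"
KS_KALLSYMS="${KS_KALLSYMS:-/proc/kallsyms}"
KS_BLACKLIST="${KS_BLACKLIST:-/sys/kernel/debug/kprobes/blacklist}"

# ks_check SYMBOL RETVAL: return 0 if the request looks sane, non-zero otherwise.
ks_check() {
    sym=$1 ret=$2
    # Only identifier characters (plus '.' for compiler-generated suffixes), so
    # whitespace or newlines cannot smuggle a second command into the control file.
    case $sym in
        ''|[0-9]*|*[!A-Za-z0-9_.]*) echo "bad symbol name: $sym" >&2; return 2 ;;
    esac
    # Return value must be a decimal integer such as -1.
    case $ret in
        ''|-|*[!0-9-]*|?*-*) echo "bad return value: $ret" >&2; return 2 ;;
    esac
    # The symbol must exist as a text (code) symbol in the running kernel.
    awk -v s="$sym" '($2=="t"||$2=="T") && $3==s {f=1} END {exit !f}' "$KS_KALLSYMS" || {
        echo "$sym: not a kernel text symbol" >&2; return 3; }
    # kprobes refuses blacklisted functions; skip the check if debugfs is absent.
    if [ -r "$KS_BLACKLIST" ] &&
       awk -v s="$sym" '$2==s {f=1} END {exit !f}' "$KS_BLACKLIST"; then
        echo "$sym: on the kprobes blacklist" >&2; return 4
    fi
    return 0
}

# ks_engage SYMBOL RETVAL: validate, then write "engage SYMBOL RETVAL".
ks_engage() {
    ks_check "$1" "$2" || return $?
    printf 'engage %s %s\n' "$1" "$2" > "$KS_CONTROL"
}
```

Run as root on a kernel carrying the patches, for instance `ks_engage af_alg_sendmsg -1` after sourcing the file.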
Source: opennet.ru
