Security issues found in Linux kernel patches submitted by a Huawei employee

The developers of the Grsecurity project have published information about security problems found in a patch set that a Huawei employee proposed to improve the security of the Linux kernel: the HKSP (Huawei Kernel Self Protection) patch set contains a trivially exploitable vulnerability.

These "HKSP" patches were published 5 days ago by a Huawei employee. They include a mention of Huawei in the GitHub profile and use the word Huawei in the expansion of the project name (HKSP - Huawei Kernel Self Protection), even though the employee states that the project has nothing to do with the company and is his own.

This project is research I carried out in my spare time; the name hksp was given by me, it is not related to Huawei, and no Huawei product uses this code.

I created this patch code, since one person does not have enough energy to cover everything. Therefore, quality assurance such as review and testing is lacking.

About HKSP

HKSP includes changes such as structure randomization, protection against attacks on the user ID namespace (pid namespace), separation of the process stack from the mmap area, detection of double calls to the kfree function, blocking of leaks through the pseudo-FS /proc (/proc/{modules, keys, key-users}, /proc/sys/kernel/* and /proc/sys/vm/mmap_min_addr, /proc/kallsyms), improved randomization of addresses in user space, additional Ptrace protection, strengthened smap and smep protection, the ability to prohibit sending data through raw sockets, blocking of invalid addresses on UDP sockets, and integrity checking of running processes.

The set also includes the Ksguard kernel module, which is designed to detect attempts to introduce typical rootkits.

The patches attracted the interest of Greg Kroah-Hartman, who is responsible for maintaining the stable branch of the Linux kernel and who asked the author to split the monolithic patch into parts to simplify review and promotion into the mainline.

Kees Cook, head of the project to promote active protection technology in the Linux kernel, also spoke positively about the patches. Among the issues, he drew attention to the tie to the x86 architecture and to the notification-only nature of many modes, which just record information about a problem but do not try to block it.

The analysis of the patch by the Grsecurity developers revealed many bugs and weaknesses in the code. It also showed that there is no threat model that would allow a proper assessment of the project's capabilities.

To show that the code was written without using secure programming methods, an example of a trivial vulnerability is given in the handler for the /proc/ksguard/state file, which is created with 0777 permissions, meaning that everyone has write access.

The ksg_state_write function, which is used to parse the commands written to /proc/ksguard/state, creates a buffer tmp[32], into which data is written according to the size of the operand passed, without taking the size of the destination buffer into account and without checking the parameter against the size of the string. In other words, to overwrite part of the kernel, an attacker only needs to write a specially crafted line to /proc/ksguard/state.
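The length check that the handler described above lacks, as an added example in user-space C. This is not HKSP code: `state_model`, `state_write_checked` and `mode_world_writable` are hypothetical names, and the module's real command format is not shown on the page.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

#define TMP_SIZE 32  /* same size as the tmp[32] buffer the article describes */

/* Hypothetical model state; the module's real commands are not on the page. */
struct state_model { char last_cmd[TMP_SIZE]; };

/* Nonzero if any user may write the entry, as with the 0777 mode described. */
int mode_world_writable(unsigned int mode) { return (mode & 0002) != 0; }

/*
 * Bounded version of a write handler. ubuf/count stand in for the
 * caller-controlled data and length a kernel write handler receives.
 * The flaw described above is copying `count` bytes into tmp without
 * comparing count to sizeof(tmp).
 */
ssize_t state_write_checked(struct state_model *st, const char *ubuf, size_t count)
{
    char tmp[TMP_SIZE];

    if (st == NULL || ubuf == NULL || count == 0)
        return -EINVAL;
    if (count >= sizeof(tmp))      /* reject; keep one byte for the NUL */
        return -E2BIG;
    memcpy(tmp, ubuf, count);      /* kernel code would use copy_from_user() */
    tmp[count] = '\0';
    if (tmp[count - 1] == '\n')    /* drop the newline that echo appends */
        tmp[count - 1] = '\0';
    memcpy(st->last_cmd, tmp, strlen(tmp) + 1);
    return (ssize_t)count;
}

int main(void)
{
    struct state_model st = { "" };
    char big[64];                  /* constructed oversized input */

    memset(big, 'A', sizeof(big));
    printf("short write: %zd\n", state_write_checked(&st, "on\n", 3));
    printf("64-byte write: %zd\n", state_write_checked(&st, big, sizeof(big)));
    printf("0777 world-writable: %d\n", mode_world_writable(0777));
    return 0;
}
```

Rejecting an oversized write outright, rather than truncating it, keeps a partial command from being parsed as if it were complete.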

After receiving the feedback, the developer commented on the GitHub page of the "HKSP" project, retroactively after the vulnerability was discovered, and added a note that the project is being developed in his spare time for research.

Thanks to the security team for finding many bugs in this patch.
Ksg_guard is a sample bit for detecting rootkits at the kernel level, user and kernel communication is launching the proc interface, my source purpose is to check out the idea quickly so I did not add enough security checks.

Actually verifying rootkits at the kernel level still needs to be discussed with the community, if you need to design an ARK (anti rootkit) tool for the Linux system ...

