Security problems found in Linux kernel patches proposed by a Huawei employee

The developers of the Grsecurity project have published information about security issues found in a patch set that a Huawei employee proposed to improve Linux kernel security: the HKSP (Huawei Kernel Self Protection) patch set contains a trivially exploitable vulnerability.

These "HKSP" patches were published by a Huawei employee five days ago. They mention Huawei in the GitHub profile and use the word Huawei in the expansion of the project name (HKSP - Huawei Kernel Self Protection), even though the employee says the project has nothing to do with the company and is his own.

"This project is my research in my spare time, the name hksp was given by me, it has nothing to do with the Huawei company, and no Huawei product uses this code.

"This patch code was created by me, as one person does not have enough energy to cover everything. Therefore, there is a lack of quality assurance such as review and testing."

About HKSP

HKSP includes changes such as randomization of structure offsets, protection against attacks on the user ID namespace (pid namespace), separation of the process stack from the mmap area, detection of double calls to the kfree function, blocking of leaks through the pseudo-FS /proc (/proc/{modules, keys, key-users}, /proc/sys/kernel/* and /proc/sys/vm/mmap_min_addr, /proc/kallsyms), improved randomization of addresses in user space, additional Ptrace protection, improved protection for smap and smep, the ability to prohibit sending data through raw sockets, blocking of invalid addresses on UDP sockets, and integrity checks of running processes.

The patch set also includes the Ksguard kernel module, which is intended to detect attempts to introduce typical rootkits.

The patches drew the interest of Greg Kroah-Hartman, who is responsible for maintaining the stable branch of the Linux kernel and who asked the author to split the monolithic patch into parts to simplify review and promotion to the mainline.

Kees Cook, head of the project to promote active protection technologies in the Linux kernel, also spoke positively about the patches. The issues he raised were the binding to the x86 architecture and the notification-only nature of many modes, which only log information about the problem but do not try to block it.

A study of the patch by the Grsecurity developers revealed many bugs and weaknesses in the code, and also showed the absence of a threat model that would allow an adequate assessment of the project's capabilities.

To illustrate that the code was written without using secure programming methods, an example is given of a trivial vulnerability in the handler for the /proc/ksguard/state file, which is created with 0777 permissions, meaning that everyone can write to it.

The ksg_state_write function, which is used to parse commands written to /proc/ksguard/state, creates a buffer tmp[32] into which data is written based on the size of the passed operand, without taking into account the size of the destination buffer and without checking the parameter against the size of the string. In other words, to overwrite part of the kernel stack, an attacker only needs to write a specially crafted line to /proc/ksguard/state.
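The pattern described above, modelled in userspace C as an added example (this is not the HKSP source and not Grsecurity's code): an unchecked copy into a 32-byte stack buffer beside a bounded version. `memcpy` stands in for `copy_from_user()`, and the function names and the `enable`/`disable` commands are assumptions made for the illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

#define TMP_LEN 32
static int guard_enabled;            /* hypothetical state toggled by the handler */

/* Constructed command parser; the command names are assumptions. */
static int apply_command(const char *cmd)
{
    if (strcmp(cmd, "enable") == 0)  { guard_enabled = 1; return 0; }
    if (strcmp(cmd, "disable") == 0) { guard_enabled = 0; return 0; }
    return -EINVAL;
}

/* Pattern the article describes: the copy length is the caller-supplied
 * count, never compared with the 32-byte stack buffer, and the result is
 * not NUL-terminated. Any count > 32 writes past tmp. */
ssize_t state_write_unchecked(const char *ubuf, size_t count)
{
    char tmp[TMP_LEN];
    memcpy(tmp, ubuf, count);        /* stands in for copy_from_user() */
    return apply_command(tmp) ? -EINVAL : (ssize_t)count;
}

/* Bounded form: reject oversized input before copying, terminate the
 * string, strip one trailing newline. */
ssize_t state_write_checked(const char *ubuf, size_t count)
{
    char tmp[TMP_LEN];

    if (count == 0 || count >= sizeof(tmp))
        return -EINVAL;
    memcpy(tmp, ubuf, count);        /* stands in for copy_from_user() */
    tmp[count] = '\0';
    if (tmp[count - 1] == '\n')
        tmp[count - 1] = '\0';
    return apply_command(tmp) ? -EINVAL : (ssize_t)count;
}

int main(void)
{
    char line[64];
    memset(line, 'A', sizeof(line)); /* constructed oversized write */
    printf("64 bytes -> %ld\n", (long)state_write_checked(line, sizeof(line)));
    printf("enable   -> %ld\n", (long)state_write_checked("enable\n", 7));
    return 0;
}
```

In a kernel handler the same length check would precede `copy_from_user()`. The 0777 mode on the proc entry is a separate problem that the bound check does not address.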

In response, the developer commented on the GitHub page of the "HKSP" project and, retroactively after the vulnerability was discovered, also added a note that the project is being developed in his spare time for research.

"Thanks to the security team for finding many bugs in this patch.
The ksg_guard is a sample for detecting rootkits at the kernel level, user and kernel communication is done by launching the proc interface, my source purpose is to check the idea quickly, so I did not add enough security checks.

"Actually, to verify rootkits at the kernel level you still need to discuss with the community, if it is necessary to design an ARK (anti rootkit) tool for the Linux system ..."

