Security problems found in Linux kernel patches proposed by a Huawei employee

The developers of the Grsecurity project have published details of security problems found in a patch set that a Huawei employee proposed for improving the security of the Linux kernel: the HKSP (Huawei Kernel Self Protection) patch set contains a trivially exploitable vulnerability.

The "HKSP" patches were published by a Huawei employee 5 days ago. They carry a mention of Huawei in the GitHub profile and use the word Huawei in the expansion of the project name (HKSP - Huawei Kernel Self Protection), even though the employee states that the project has nothing to do with the company and is his own.

This project is my research, done in my spare time. The hksp name was given by me; it is not related to the Huawei company, and no Huawei product uses this code.

This patch code was created by me, and one person does not have enough energy to cover everything. Therefore, quality assurance such as review and testing is lacking.

About HKSP

HKSP includes changes such as randomization of structure offsets, protection against attacks on the user ID namespace (pid namespace), separation of the process stack from the mmap area, detection of double calls to the kfree function, blocking of leaks through the pseudo-FS /proc (/proc/{modules, keys, key-users}, /proc/sys/kernel/* and /proc/sys/vm/mmap_min_addr, /proc/kallsyms), improved randomization of addresses in user space, additional Ptrace protection, improved SMAP and SMEP protection, the ability to prohibit sending data through raw sockets, blocking of invalid addresses on UDP sockets, and integrity checks of running processes.

The framework also includes the Ksguard kernel module, which is intended to identify attempts to introduce typical rootkits.

The patches attracted the interest of Greg Kroah-Hartman, who is responsible for maintaining the stable branch of the Linux kernel. He asked the author to split the monolithic patch into parts to simplify review and promotion into the mainline.

Kees Cook, head of the project to promote active protection technologies in the Linux kernel, also spoke positively about the patches. Among the problems, he drew attention to the binding to the x86 architecture and to the notification-only nature of many modes, which merely record information about a problem but do not try to block it.

A study of the patch by the Grsecurity developers revealed many bugs and weaknesses in the code. It also showed the absence of a threat model that would allow an adequate assessment of the project's capabilities.

To illustrate that the code was written without secure programming practices, an example of a trivial vulnerability is given in the handler of the /proc/ksguard/state file, which is created with permissions 0777, meaning that everyone has write access.

The ksg_state_write function, used to parse commands written to /proc/ksguard/state, creates a buffer tmp[32] into which data is written based on the size of the operand passed in, regardless of the size of the destination buffer and without checking the parameter against the size of the string. In other words, to overwrite part of the kernel stack, an attacker only needs to write a specially crafted line to /proc/ksguard/state.
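The missing length check described above, as an added example that is not the HKSP source: a user-space model of such a write handler, with the unchecked copy next to a bounded one. The function names other than the tmp[32] buffer, the "1"/"0" command set and the use of memcpy() in place of the kernel's copy_from_user() are assumptions made for illustration.

```c
/* User-space model of a /proc write handler; not the HKSP source.
 * memcpy() stands in for the kernel's copy_from_user(). */
#include <errno.h>
#include <stddef.h>
#include <string.h>
#include <sys/types.h>

#define TMP_LEN 32
static int guard_enabled;            /* hypothetical state toggled by the handler */

/* Hypothetical command set: "1" enables, "0" disables. */
static int apply_command(const char *cmd)
{
    if (strcmp(cmd, "1") == 0) { guard_enabled = 1; return 0; }
    if (strcmp(cmd, "0") == 0) { guard_enabled = 0; return 0; }
    return -EINVAL;
}

/* Pattern described in the article: the copy length comes from the caller
 * and is never compared with sizeof(tmp), so len > 32 writes past the
 * stack buffer. Shown for contrast only; never called here. */
ssize_t state_write_unchecked(const char *ubuf, size_t len)
{
    char tmp[TMP_LEN];
    memcpy(tmp, ubuf, len);          /* BUG: no bound on len */
    tmp[len] = '\0';                 /* BUG: index may be out of range */
    return apply_command(tmp) ? -EINVAL : (ssize_t)len;
}

/* Hardened form: reject anything that cannot fit with its terminator. */
ssize_t state_write_checked(const char *ubuf, size_t len)
{
    char tmp[TMP_LEN];
    int err;

    if (len == 0 || len >= sizeof(tmp))
        return -EINVAL;              /* leave room for the NUL byte */
    memcpy(tmp, ubuf, len);
    tmp[len] = '\0';
    if (tmp[len - 1] == '\n')        /* tolerate a trailing newline */
        tmp[len - 1] = '\0';
    err = apply_command(tmp);
    return err ? err : (ssize_t)len;
}

int guard_state(void) { return guard_enabled; }
```

In a kernel module the same bound would sit in front of copy_from_user(), and the proc entry would be created with a mode that restricts writes to root rather than 0777.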

In response, the developer commented on the GitHub page of the "HKSP" project after the vulnerability was discovered, and added a note that the project is carried out in his spare time as research.

Thanks to the security team for finding many bugs in this patch.
ksg_guard is a small sample for detecting rootkits at the kernel level; communication between user and kernel goes through the proc interface. My original purpose was to check the idea quickly, so I did not add enough security checks.

Actually, verifying rootkits at the kernel level still has to be discussed with the community, if there is a need to design an ARK (anti rootkit) tool for the Linux system ...

