An gano raunin 8 a cikin GRUB2 wanda ke ba da izinin aiwatar da lambar da ba a tantance ba

Darkcrizt

4 minti

Kwanan nan Bayani kan raunin 8 a cikin GRUB2 bootloader an sake shi, cewa yana ba da izinin ƙetare kayan aikin boot na UEFI da kuma tabbatar da lambar da ba a tantance baMisali, don allurar malware da ke gudana a bootloader ko matakin kernel.

Ka tuna cewa a cikin yawancin rarraba Linux, don tabbataccen boot a cikin yanayin ƙaura na UEFI amintacce, ana amfani da ƙaramin layin diyya wanda aka sanya hannu ta hanyar sa hannun dijital na Microsoft.

Wannan rukunin yana tabbatar da GRUB2 akan takaddar takaddar sa, yana bawa masu haɓaka damar ba da tabbacin kowane kwaya da sabuntawa daga GRUB zuwa Microsoft.

Tare da cewa yanayin rauni a cikin GRUB2 yana ba ku damar aiwatar da lambar ku a cikin matakin tabbatarwa bayan nasarar gyarawa, amma kafin tsarin aiki yayi nauyi, dacewa cikin sashin amintuwa lokacin da Takardar Amintaccen aiki ke aiki da kuma samun cikakken iko akan aikin taya na gaba, gami da kunna wani tsarin aiki, gyara tsarin kayan aikin tsarin aiki da kewaye makullin kariya .

Kamar yadda yake a cikin yanayin raunin BootHole daga bara, sabunta bootloader bai isa ya toshe matsalar baA matsayina na mai kawo hari, ba tare da la'akari da tsarin aiki da aka yi amfani da shi ba, na iya amfani da kafofin watsa labaru tare da tsohuwar sigar GRUB2, wanda aka tabbatar da sa hannu na dijital, don sasanta UEFI Secure Boot.

An warware matsalar kawai ta hanyar sabunta jerin takaddun takaddun da aka soke (dbx, Jerin Sokewa na UEFI), amma a wannan yanayin, ikon amfani da tsohuwar hanyar watsa labarai tare da Linux zai ɓace.

A kan tsarin tare da firmware inda aka sabunta jerin takaddun takaddun da aka soke, za a iya shigar da sabbin abubuwan rarraba Linux kawai a cikin yanayin Secaura na Tsaron UEFI.

Rarrabawa za su buƙaci sabunta masu sakawa, bootloaders, kunshin kernel, fwupd firmware, da kuma tsarin biyan diyya ta hanyar samar musu da sabbin sa hannun dijital.

Masu amfani za su buƙaci sabunta hotunan shigarwa da sauran kafofin watsa labarai na taya kuma zazzage jerin soke takardar shaidar (dbx) a cikin firmware na UEFI. Har zuwa sabunta dbx a cikin UEFI, tsarin ya kasance mai rauni ba tare da la'akari da shigarwar sabuntawa a cikin tsarin aiki ba.

Don magance matsalolin da aka samo na rarraba takaddun da aka soke, an shirya amfani da tsarin SBAT a nan gaba (UEFI Secure Boot Advanced Targeting), wanda yanzu yake tallafawa GRUB2, shim, da fwupd, kuma zai maye gurbin ayyukan da dbxtool ɗin ya bayar a cikin abubuwan sabuntawa na gaba. SBAT ya kasance haɓaka tare da Microsoft don ƙara sabon metadata zuwa fayilolin zartarwa na ɓangarorin UEFI, wanda ya haɗa da masana'antun, samfurin, ɓangaren, da bayanin sigar.

Daga abubuwan da aka gano na rauni:

  1. CVE-2020-14372- Tare da umarnin acpi akan GRUB2, mai amfani da dama akan tsarin yanki na iya loda teburin ACPI da aka gyara ta sanya SSDT (teburin bayanin tsarin na biyu) a cikin / boot / efi directory da canza saitunan a cikin grub.cfg.
  2. BAKU-2020-25632: samun dama zuwa yankin ƙwaƙwalwar da aka riga aka 'yanta (amfani-bayan-kyauta) a aiwatar da umarnin rmmod, wanda aka bayyana yayin ƙoƙarin saukar da kowane rukuni ba tare da la'akari da abubuwan dogaro da ke tattare da shi ba.
  3. BAKU-2020-25647: Rubuta daga iyakoki a cikin aikin grub_usb_device_initialize () wanda ake kira yayin fara na'urorin USB. Za'a iya amfani da matsalar ta hanyar haɗawa da kebul na USB wanda aka keɓance musamman wanda ke haifar da sigogi waɗanda basu dace da girman ma'ajin abin da aka keɓe don tsarin USB ba.
  4. BAKU-2020-27749: yin ambaliya a cikin grub_parser_split_cmdline () wanda ana iya haifar dashi ta hanyar tantance masu canji da suka fi 1 KB girma a layin umarnin GRUB2. Rashin lafiyar zai iya ba da izinin aiwatar da lambar ba tare da shiga Takamaiman Boot ba.
  5. BAKU-2020-27779: Umurnin cutmem yana bawa maharin damar cire jerin adiresoshin daga ƙwaƙwalwar ajiya don ƙetare amintaccen taya.
  6. BAKU-2021-3418: canje-canje zuwa shim_lock ya ƙirƙiri ƙarin veto don amfani da raunin CVE-2020-15705 na shekarar da ta gabata. Ta shigar da takardar shaidar da aka yi amfani da ita don sa hannu kan GRUB2 a cikin dbx, GRUB2 ya ba kowane kernel damar ɗorawa kai tsaye ba tare da tabbatar da sa hannu ba.
  7. BAKU-2021-20225: ikon rubuta bayanai daga maɓallin lokacin aiwatar da umarni tare da adadi mai yawa na zaɓuɓɓuka.
  8. BAKU-2021-20233: Ikon rubuta bayanai daga cikin abin ajiyewa saboda kuskuren lissafin girman ma'auni lokacin amfani da ƙidodi. Lokacin yin lissafin girman, an ɗauka cewa ana buƙatar haruffa uku don tserewa daga jimla guda ɗaya, kodayake ana buƙatar huɗu a zahiri.

Source: https://ubuntu.com


Bar tsokaci

Your email address ba za a buga. Bukata filayen suna alama da *

*

*

  1. Alhakin bayanai: AB Internet Networks 2008 SL
  2. Manufar bayanan: Sarrafa SPAM, sarrafa sharhi.
  3. Halacci: Yarda da yarda
  4. Sadarwar bayanan: Ba za a sanar da wasu bayanan ga wasu kamfanoni ba sai ta hanyar wajibcin doka.
  5. Ajiye bayanai: Bayanin yanar gizo wanda Occentus Networks (EU) suka dauki nauyi
  6. Hakkoki: A kowane lokaci zaka iyakance, dawo da share bayanan ka.