Kwanan nan an sake bayyana wani batun a cikin tsarin AF_PACKET Kernel na Linux, wanda ba da damar mai amfani mara izini don gudanar da lambar azaman tushe ko fita daga kwantena da aka keɓe idan sun sami damar shiga.
Bayanin da aka fitar ya ambaci cewa ana buƙatar hukumar CAP_NET_RAW don ƙirƙirar soket ɗin AF_PACKET da kuma amfani da yanayin rauni.
Koyaya, an lura cewa mai amfani ba tare da gata ba zai iya samun izini kayyade a cikin kwantena da aka kirkira akan tsarin tare da kunna wuraren sunayen mai amfani.
Misali, an sanya wuraren sunayen mai amfani da tsoho a cikin Ubuntu da Fedora, amma ba a kunna cikin Debian da RHEL ba. Ganin cewa a cikin Android, aikin watsa labaru yana da haƙƙin ƙirƙirar kwasfan AF_PACKET, ta inda ake amfani da yanayin rauni.
Game da yanayin rauni a cikin AF_PACKET
Rashin lafiyar ya kasance a cikin aikin tpacket_rcv kuma yana faruwa ne ta hanyar kuskure a cikin lissafin canjin canjin netoff.
Mai kai hari na iya ƙirƙirar yanayi a karkashin wacce zai rubuta ƙimar ƙasa da maclen a cikin maɓallin netoff, wanda zai haifar da ambaliya ta hanyar kirga "macoff = netoff-maclen" sannan yin hakan zai iya saita madogara a ma'ajin bayanai masu shigowa.
A sakamakon haka, mai kawo hari zai iya fara rubuta baiti 1 zuwa 10 zuwa wani yanki a waje ajiyar da aka ware.
Calididdigar ɓatarwa ta kasance a cikin kwaya tun daga watan Yulin 2008, wato, a cikin dukkan kernels na yanzu, duk da haka ƙwarewar da aka sani ta yanzu don amfani da shi don rubutawa zuwa wani yanki a waje da ajiyar ajiyar (yanayin rauni) ana iya gabatar da shi a watan Fabrairu daga 2016 (daga kernel Sigogi 4.6-rc1 kuma daga baya), tare da ci gaba na tallafi na virio_net.
Game da magance matsalar kuwa har yanzu ana samunsa kamar faci. Baya ga wannan, a gefe guda, an lura cewa ana ci gaba da amfani da damar wanda ke ba da izinin samun haƙƙin tushen a cikin tsarin.
Ga waɗanda suke da sha'awar sanin idan gyara ya riga ya kasance don rarraba su, za su iya bin diddigin sabuntawar kunshin a cikin rarrabuwa daban-daban a kan shafuka masu zuwa: Ubuntu, Fedora, SUSE, Debian, RHEL, Arch.
An cire tallafin gungurar rubutu don na'ura mai kwakwalwa na rubutu
A wani bangaren kuma da yake magana game da kwayar Linux, an kuma sanar da cewa an cire lambar birgima ta rubutu daga aiwatar da na'urar wasan bidiyo a cikin kwayar Linux (CONFIG_VGACON_SOFT_SCROLLBACK).
Lambar an cire saboda kasancewar kwari, wanda babu wanda ya gyara saboda rashin manajan da zai kula da cigaban vgacon.
Kuma wannan shine 'yan watannin da suka gabata an gano yanayin rauni kuma an gyara shi a cikin vgacon (CVE-2020-14331) wannan na iya haifar da ambaliya saboda rashin wadatattun bayanan ƙwaƙwalwar ajiya a cikin maɓallin kewayawa. Rashin lafiyar ya kama hankalin masu ci gaba wanda ya shirya gwajin fuzzing na lambar vgacon a cikin syzbot.
Bayan haka ƙarin tabbaci sun bayyana ƙarin batutuwa da yawa yayi kama da lambar vgacon, kazalika da matsaloli a cikin aiwatar da kayan aikin ƙaura a cikin mai sarrafa fbcon.
Abin takaici an bar lambar matsala ba da daɗewa ba, mai yiwuwa saboda gaskiyar cewa masu haɓakawa sun canza zuwa amfani da zane-zane na hoto kuma an daina amfani da kayan rubutu na rubutu (mutane suna ci gaba da amfani da vgacon da fbcon consoles, amma ba su kasance babban mahaɗin kwayar ba shekaru da yawa kuma sun yada duka ayyuka kamar mai sarrafawa wanda aka gina a ciki (Shift + PgUp / PgUp) tabbas suna cikin ƙaramin buƙata).
A wannan ma'anar, Linus Torvalds ya yanke shawarar kada a yi ƙoƙarin kiyaye lambar ba a bayyana ba, amma share shi kawai.
A ƙarshe, an ambaci cewa idan akwai masu amfani waɗanda suke buƙatar wannan aikin, lambar don tallafawa gungurawa a cikin na'ura mai kwakwalwa za a mayar da ita zuwa kernel da zaran akwai mai kula da shirye ko wanda yake son ɗaukar nauyin ɗaukar kulawar nasa da kansu hannaye, wato, kawai wanda yake son sadaukar da lokaci ga shi.