Dirty Pipe: a vulnerability that allows data to be overwritten

News recently broke that a vulnerability was identified in the Linux kernel. It is already catalogued as CVE-2022-0847 and has been named "Dirty Pipe".

This vulnerability, dubbed "Dirty Pipe", allows the contents of the page cache to be overwritten for any file, including files that are set to read-only, opened with the O_RDONLY flag, or located on file systems mounted read-only.

In practical terms, the vulnerability can be used to inject code into arbitrary processes or to corrupt data in open files. For example, the contents of the authorized_keys file for the sshd process can be changed.

About Dirty Pipe

It is similar to the critical Dirty COW vulnerability identified in 2016, and Dirty Pipe is said to be on the same level as Dirty COW in terms of danger, but it is much easier to exploit.

Dirty Pipe was identified during the analysis of complaints about periodic corruption of archives downloaded over the network on a system that downloads compressed files from a log server (37 corruptions in 3 months on a loaded system). The archives were prepared using the splice() operation and unnamed pipes.

The vulnerability has been present since Linux kernel version 5.8, released in August 2020.

Put another way, it is present in Debian 11 but does not affect the base kernel in Ubuntu 20.04 LTS. The RHEL 8.x and openSUSE/SUSE 15 kernels were originally based on older branches, but it is possible that the change causing the problem was backported to them (exact details are not yet available).

The vulnerability is due to the "buf->flags" value not being initialized in the code of the copy_page_to_iter_pipe() and push_pipe() functions, even though the memory is not cleared when the structure is allocated, so that after certain manipulations with unnamed pipes "buf->flags" may contain a value from another operation. With this, an unprivileged local user can make the PIPE_BUF_FLAG_CAN_MERGE value appear in the flag, allowing them to overwrite data in the page cache by writing new data to an unnamed pipe.

For an attack to be carried out, a target file is needed, and it must be readable. Since access rights are not checked when writing to a pipe, the replacement in the page cache can be made even for files located on read-only partitions (for example, files on a CD-ROM).

With this, once the information in the page cache has been replaced, a process reading data from the file will not receive the real data, but the replaced data.

It is mentioned that the Dirty Pipe operation boils down to creating an unnamed pipe and filling it with arbitrary data so that the PIPE_BUF_FLAG_CAN_MERGE flag is set on all the ring structures associated with it.

The data is then read from the pipe, but the flag remains set on all instances of the pipe_buffer structure in the pipe_inode_info ring structures. A call to splice() is then made to read data from the target file into an unnamed pipe, starting at the required offset. When data is written to this unnamed pipe, the PIPE_BUF_FLAG_CAN_MERGE flag causes the data in the page cache to be overwritten instead of a new instance of the pipe_buffer structure being created.

Finally, if you are interested in knowing more about it, you can check the details in the original note at the following link.

Also, if you are interested in following the publication of package updates in the main distributions, you can do so from these pages: Debian, SUSE, Ubuntu, RHEL, Fedora, Gentoo, Arch Linux.

It is mentioned that the proposed fix for the vulnerability is available in Linux kernel versions 5.16.11, 5.15.25 and 5.10.102, and that the fix is also included in the kernel used on the Android platform.
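
As an added example (not code from the article or from the kernel project), this shell function classifies a kernel release string against the versions the article gives: introduced in 5.8, fixed in 5.10.102, 5.15.25 and 5.16.11. The function name `dirty_pipe_status`, its output labels, and treating 5.17 and later as fixed are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the article): triage a kernel release string using
# the article's numbers: introduced in 5.8; fixed in 5.10.102, 5.15.25, 5.16.11.
# Distribution kernels can backport the bug or the fix, so treat the answer as
# a first pass. On Debian, `uname -r` is an ABI name; the upstream version is
# in `uname -v`.

dirty_pipe_status() {
    # Keep only the leading numeric part: "5.15.25-custom" -> "5.15.25"
    rel=$(printf '%s\n' "$1" |
        sed -n 's/^\([0-9][0-9]*\(\.[0-9][0-9]*\)\{1,2\}\).*/\1/p')
    if [ -z "$rel" ]; then
        echo "unknown"
        return 0
    fi
    major=$(echo "$rel" | cut -d. -f1)
    minor=$(echo "$rel" | cut -d. -f2)
    patch=$(echo "$rel" | cut -d. -f3)
    patch=${patch:-0}

    # Kernels older than 5.8 predate the version the article names.
    if [ "$major" -lt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -lt 8 ]; }; then
        echo "not-affected"
        return 0
    fi
    # Assumption, not stated in the article: 5.17 and later include the fix.
    if [ "$major" -gt 5 ] || [ "$minor" -ge 17 ]; then
        echo "fixed"
        return 0
    fi
    # Stable branches for which the article lists a fixed release.
    case "$minor" in
        10) fixed_patch=102 ;;
        15) fixed_patch=25 ;;
        16) fixed_patch=11 ;;
        *)  echo "vulnerable"; return 0 ;;  # 5.8-5.16 branch, no fix listed
    esac
    if [ "$patch" -ge "$fixed_patch" ]; then
        echo "fixed"
    else
        echo "vulnerable"
    fi
}

# Constructed sample strings, followed by the running kernel.
for r in 5.4.0 5.10.101 5.10.102 5.13.4 5.16.11 "$(uname -r)"; do
    printf '%-24s %s\n' "$r" "$(dirty_pipe_status "$r")"
done
```

A "vulnerable" or "fixed" result from the version string alone should be confirmed against the distribution's security tracker, since vendor kernels often carry the fix under an older version number.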

