A vulnerability was found in the Linux eBPF subsystem

News recently broke that a vulnerability (CVE-2021-29154) was identified in the eBPF subsystem, which allows tracing, subsystem analysis, and traffic control handlers to run inside the Linux kernel in a special JIT virtual machine. The vulnerability allows a local user to run their own code at kernel level.

According to the researchers who identified the vulnerability, they were able to develop a working prototype of an exploit for 32-bit and 64-bit x86 systems that can be used by an unprivileged user.

At the same time, Red Hat notes that the severity of the problem depends on whether the eBPF subsystem is available to the user. For example, on RHEL and most other Linux distributions in their default configuration, the vulnerability can be exploited when the BPF JIT is enabled and the user has CAP_SYS_ADMIN rights.

An issue has been discovered in the Linux kernel that can be abused by unprivileged local users to escalate privileges.

The issue is with how the BPF JITs for some architectures compute branch displacements when generating machine code. This can be abused to craft anomalous machine code and run it in kernel mode, where the control flow is hijacked to execute insecure code.

They explain that the problem stems from an error made when calculating the offset of branch instructions during the JIT compilation that generates the machine code.

Specifically, when branch instructions are generated, it is not taken into account that the offset may change after passing through the optimization stage, so this flaw can be used to generate anomalous machine code and execute it at kernel level.

It should be noted that this is not the only vulnerability in the eBPF subsystem to have become known in recent years. At the end of March, two more vulnerabilities were identified in the kernel (CVE-2020-27170, CVE-2020-27171) that make it possible to use eBPF to bypass protection against Spectre-class vulnerabilities, which allows the contents of kernel memory to be determined by creating the conditions for speculative execution of certain operations.

The Spectre attack requires the presence of a specific sequence of instructions in privileged code, which leads to speculative execution of instructions. In eBPF, several ways have been found to generate such instructions by manipulating the BPF programs that are submitted for execution.

  • CVE-2020-27170 is caused by pointer manipulation in the BPF verifier, which causes speculative operations to access an area outside the buffer.
  • CVE-2020-27171 is related to an integer underflow bug when working with pointers, which leads to speculative access to out-of-buffer data.

These issues have already been fixed in kernel versions 5.11.8, 5.10.25, 5.4.107, 4.19.182, and 4.14.227, and the fixes have been included in kernel updates for most Linux distributions. Researchers have prepared a prototype exploit that allows an unprivileged user to retrieve data from kernel memory.

As for one of the mitigations offered by Red Hat:

Mitigation:

This issue does not affect most systems by default. An administrator would have had to enable the BPF JIT for a system to be affected.

It can be disabled immediately with the command:

# echo 0 > /proc/sys/net/core/bpf_jit_enable

Or it can be disabled for all subsequent system boots by setting the value in /etc/sysctl.d/44-bpf-jit-disable

## start file ##
net.core.bpf_jit_enable=0
## end file ##
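
A way to verify the mitigation above, as an added example that is not part of the original article or of Red Hat's advisory: it reports whether the JIT is enabled at runtime, whether bpf() is open to unprivileged users, and which value will be applied at the next boot. The function names, the directory arguments, and the use of kernel.unprivileged_bpf_disabled (a kernel sysctl the article does not mention) are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the settings the Red Hat mitigation relies on.
# The directory arguments are an assumption of this example so the checks can
# be pointed at a copied tree; they default to the live system paths.

read_sysctl() {   # $1 = sysctl root, $2 = relative path
    if [ -r "$1/$2" ]; then tr -d '[:space:]' < "$1/$2"; else printf 'unknown'; fi
}

# Classify runtime exposure from bpf_jit_enable (0 = off, 1/2 = on) and
# kernel.unprivileged_bpf_disabled (0 = bpf() open to unprivileged users).
bpf_jit_exposure() {
    root=${1:-/proc/sys}
    jit=$(read_sysctl "$root" net/core/bpf_jit_enable)
    unpriv=$(read_sysctl "$root" kernel/unprivileged_bpf_disabled)
    case "$jit" in
        0)   echo "jit-off" ;;
        1|2) case "$unpriv" in
                 0)   echo "jit-on-unprivileged" ;;
                 1|2) echo "jit-on-privileged-only" ;;
                 *)   echo "jit-on-access-unknown" ;;
             esac ;;
        *)   echo "unknown" ;;
    esac
}

# Effective boot-time value from one sysctl.d directory. Only *.conf files are
# loaded by sysctl --system / systemd-sysctl, in lexical order, last one wins.
persisted_jit_value() {
    dir=${1:-/etc/sysctl.d}
    val=$(for f in "$dir"/*.conf; do if [ -f "$f" ]; then cat "$f"; fi; done |
          sed -n 's/^[[:space:]]*net\.core\.bpf_jit_enable[[:space:]]*=[[:space:]]*\([0-9]*\)[[:space:]]*$/\1/p' |
          tail -n 1)
    if [ -n "$val" ]; then echo "$val"; return; fi
    # A fragment without the .conf suffix carries the setting but is never read.
    if grep -qs 'net\.core\.bpf_jit_enable' "$dir"/* 2>/dev/null; then
        echo "ignored-no-conf-suffix"
    else
        echo "unset"
    fi
}

echo "runtime: $(bpf_jit_exposure)"
echo "boot:    $(persisted_jit_value)"
```

Because sysctl --system and systemd-sysctl read only files ending in .conf, a fragment saved under the exact name shown above is reported as ignored-no-conf-suffix until it is renamed with that suffix.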

Finally, if you are interested in learning more about this vulnerability, you can check the details at the following link.

It is worth mentioning that the problem persists up to version 5.11.12 (inclusive) and has not yet been resolved in most distributions, although the fix is already available as a patch.

