Researchers from the Google Project Zero team recently published, in a blog post, a new method of exploiting a vulnerability (CVE-2020-29661) in the implementation of the TIOCSPGRP ioctl handler in the Linux kernel tty subsystem, together with a detailed look at the protection mechanisms that could block this vulnerability.
The post explains that the problem is caused by a locking error that leads to a race condition in the code of /tty/tty_jobctrl.c. This was used to create the conditions for accessing memory after it has been freed (use-after-free), which can be exploited from user space through ioctl manipulation by calling TIOCSPGRP.
In addition to the published information, a functional exploit demo was also produced for privilege escalation on Debian 10 with kernel 4.19.0-13-amd64, and it is not ruled out that the issue may affect various distributions, including of course those based on and derived from Debian.
Many of the individual exploitation techniques and mitigation options that I am describing here are not novel. However, I think it is worth writing them up together to show how various mitigations interact with a fairly normal use-after-free exploit.
The code snippets in this blog post that are relevant to the exploit are taken from the previous version 4.19.160, since that is what the targeted Debian kernel is based on; some other code snippets are from Linux mainline.
At the same time, the emphasis in the published article is not so much on the technique of building a working exploit as on which tools exist in the kernel to protect against such vulnerabilities.
The conclusion is disappointing: methods such as segmenting memory in the heap and controlling access to memory after it has been freed are not applied in practice because they degrade performance, and protection based on CFI (Control Flow Integrity), which blocks exploits in the later stages of an attack, requires improvement.
A special type of terminal device is the pseudo-terminal, which is used when, for example, you open a terminal application in a graphical environment or connect to a remote machine via SSH. While other terminal devices are connected to some kind of hardware, both ends of a pseudo-terminal are controlled by user space, and pseudo-terminals can be freely created by user space (without privileges).
Whenever /dev/ptmx (short for "pseudo-terminal multiplexer") is opened, the resulting file descriptor represents the device side (referred to in documentation and kernel sources as "the pseudo-terminal master") of a new pseudo-terminal.
The corresponding terminal device (the one a shell normally connects to) is created automatically by the kernel under /dev/pts/.
Looking at what could make a difference in the long term, the emphasis is on using advanced static analyzers or on using memory-safe languages such as Rust and C dialects with extended annotations (such as Proven C) to build checkers for state, locks, objects and pointers. The protection methods mentioned also include enabling the panic_on_oops mode, making kernel structures read-only, and restricting access to system calls through mechanisms such as seccomp.
The bug that causes the problem was fixed in the Linux kernel on December 3 of last year. The problem appears in kernels before version 5.9.13, but most distributions fixed it in a kernel package update delivered last year.
A similar vulnerability (CVE-2020-29660) is also mentioned. It was found at the same time in the implementation of the TIOCGSID ioctl call, but it has also been fixed everywhere.
Finally, if you are interested in learning more about it, you can check the details at the following link.