Vagadziri veLinux vanokurukura kana vobvisa ReiserFS

Chii chinonzi Linux uye ndechei?

Matthew wilcox shoko, inozivikanwa nekugadzira mutyairi we nvme (NVM Express) uye nzira yekuwana yakananga kuDAX faira system, yakakurudzira kubvisa ReiserFS faira system kubva kuLinux kernel nekuenzanisa neyakadzikiswa ext uye xiafs mafaira masisitimu kana nekupfupisa iyo ReiserFS kodhi, ichisiya chete "yekuverenga-chete" rutsigiro.

Izvo zvinotaurwa kuti chikonzero chekubvisa chaive chakawedzera matambudziko nekuvandudza yezvivakwa zve kernel, zvakakonzerwa nekuti, zvakanangana neReiserFS, vanogadzira vanomanikidzwa kusiya yakarasika mureza mubato AOP_FLAG_CONT_EXPAND mu kernel, sezvo ReiserFS ichiri iyo yega faira system inoshandisa iyi "nyora_tanga" basa » muKernel.

Panguva imwecheteyo, iyo yekupedzisira kugadzirisa muReiserFS kodhi inodzokera ku2019, uye hazvizivikanwe kuti FS iyi iri kudiwa zvakadii uye kana vakaramba vachiishandisa.

Tichifunga izvi, mugadziri weSUSE akabvuma mune iyo ReiserFS iri munzira yekudonha, asi hazvina kujeka kana yakadzikiswa zvakakwana kuti ibviswe kubva kukernel, sezvainotaura kuti ReiserFS inoenderera mberi nekutakura ine openSUSE uye SLES, asi iyo faira system mushandisi idiki uye iri kuderera.

Kune vashandisi vemakambani, ReiserFS rutsigiro paSUSE rwakamiswa makore 3-4 apfuura uye iyo ReiserFS module haina kubatanidzwa ne kernel nekukasira. Senge sarudzo, Ian akakurudzira kuti isu titange kuratidza yambiro yekudzikisira patinenge tichikwira ReiserFS zvikamu uye funga iyi faira yakagadzirira kubviswa kana pasina anotizivisa nezvechishuwo chekuenderera mberi nekushandisa iyi mafaera mugore kana maviri.

Edward Shishkin, iyo inochengetedza ReiserFS faira system, akapinda munhaurirano ndokupa chigamba chinobvisa kushandiswa kwemureza weAOP_FLAG_CONT_EXPAND yeReiserFS kodhi. Matthew Wilcox akatambira chigamba pakuvaka kwake. Naizvozvo, chikonzero chekubviswa chakabviswa, uye mubvunzo wekubvisa ReiserFS kubva kukernel unogona kutariswa wakamiswa kwenguva yakati rebei.

Hazvizogoneke kubvisa zvachose nyaya yeReiserFS deprecation nekuda kwe kernel kusarudzika basa pamafaira masisitimu nenyaya isina kugadziriswa ye2038.

Somuenzaniso, nokuda kwechikonzero ichi, chirongwa chakatogadzirirwa kubvisa yechina vhezheni yeXFS faira system fomati kubva kukernel (Iyo itsva XFS fomati yakatsanangurwa mu kernel 5.10 uye yakachinja nguva yekufashukira kuenda ku2468.) Iyo XFS v4 kuvaka ichave yakaremara nekukasira muna 2025 uye iyo kodhi ichabviswa muna 2030). Inokurudzirwa kugadzira nguva yakafanana yeReiserFS, ichipa angangoita makore mashanu ekufambisa kune mamwe mafaera masisitimu kana yakagadziridzwa metadata fomati.

Kunze kwaizvozvo, Izvo zvinomirawo pachena izvo zvakaziviswa mazuva mashoma apfuura nhau dzekusagadzikana (CVE-2022-25636) muNetfilter, iyo inogona kubvumira kernel-level kodhi kuuraya.

Kukanganisa kunokonzerwa nekukanganisa pakuverenga saizi yekuyerera-> mutemo->action.entries array munft_fwd_dup_netdev_offload function (inotsanangurwa munet/netfilter/nf_dup_netdev.c faira), izvo zvinogona kukonzera data inodzorwa neanorwisa anonyora. kunzvimbo yekurangarira kunze kwenzvimbo yakagoverwa.

Iko kukanganisa kunozviratidza pakugadzirisa iyo "dup" uye "fwd" mitemo pamaketani ayo anoshandiswa hardware kukurumidza kwepacket processing (kurodha) inoshandiswa. Nekuti kufashamira kunoitika mutemo wepacket filter usati wagadzirwa uye tsigiro yekuburitsa yakasimbiswa, kusazvibata kunoshandawo kunetiweki zvishandiso zvisingatsigire kukwidziridzwa kwehardware, senge loopback interface. .

Zvinoonekwa kuti dambudziko iri nyore kushandisa, sezvo hunhu hunodarika buffer hunogona kupeta chinongedzo kune net_device chimiro, uye data nezve kukosha kwakapetwa inodzoserwa kunzvimbo yemushandisi, zvichibvumira kero mundangariro dzinodiwa kuita kurwiswa kuti kuzivikanwe.

Kushandisa kusagadzikana inoda kusikwa kweimwe mitemo munftables, izvo zvinogoneka chete neCAP_NET_ADMIN ropafadzo, iyo inogona kuwanikwa neasina rombo mushandisi mune yakaparadzana network namespace (Network Namespaces). Kusagadzikana kunogona kushandiswawo kurwisa midziyo yekuzviparadzanisa nevamwe masisitimu.

Muenzaniso wekubiridzira wakaziviswa unobvumira mushandisi wemuno kukwidziridza maropafadzo avo paUbuntu 21.10 ine KASLR yekuchengetedza nzira yakaremara. Dambudziko rinozviratidza senge kernel 5.4. Mhinduro ichiripo sechigamba.


Izvo zviri muchinyorwa zvinoomerera pamisimboti yedu ye tsika dzekunyora. Kuti utaure chikanganiso tinya pano.

Mhinduro, siya zvako

Siya yako yekutaura

Your kero e havazobvumirwi ichibudiswa.

*

*

  1. Inotarisira data: AB Internet Networks 2008 SL
  2. Chinangwa cheiyo data: Kudzora SPAM, manejimendi manejimendi.
  3. Legitimation: Kubvuma kwako
  4. Kutaurirana kwedata
  5. Dhata yekuchengetedza: Dhatabhesi inobatwa neOccentus Networks (EU)
  6. Kodzero: Panguva ipi neipi iwe unogona kudzora, kupora uye kudzima ruzivo rwako

  1.   Diego ChiGerman Gonzalez akadaro

    Mugadziri wefomati yefaira anga achipa mutongo kubva 2008 nekuda kwekuuraya mukadzi uyu. Zvikanzi yaizobuda gore rinouya. Pamwe inowana mabhatiri uye inogadzirisa matambudziko ese.
    Chero zvazvingava, muenzaniso wemabhenefiti eyakavhurika sosi iyo mapurojekiti anoenderera mberi kupfuura vanhu.