Tsvina Pipe: kusagadzikana kunobvumira kuti data inyorwe

Munguva pfupi yapfuura nhau dzakabvarura izvo kusagadzikana kwakaonekwa muLinux kernel uye iyo yakatonyorwa pasi peCVE-2022-0847 uye yavakatumidza kuti "Yakasviba Pipe".

Kusagadzikana uku kwakanzi "Dirty Pipe"inobvumira kunyora pamusoro zviri mukati me cache yepeji yechero faira, kusanganisira idzo dzakagadzirirwa kuverenga-chete, yakavhurwa neO_RDONLY mureza, kana iri pamafaira masisitimu akaiswa kuverenga-chete.

Padivi rinoshanda, kusazvibata inogona kushandiswa kupinza kodhi mumaitiro asina tsarukano kana kukanganisa data mumafaira akazaruka. Semuenzaniso, unogona kushandura zvirimo zvemvumo_keys faira ye sshd maitiro.

Nezve Dirty Pipe

Zvakafanana nekunetseka kwakanyanya Dirty COW yakaonekwa muna 2016 uye Dirty Pipe inonzi iri padanho rimwechete neDirty COW maererano nenjodzi, asi kuti iyi iri nyore kwazvo kushanda.

Tsvina Pipe yakaonekwa panguva yekuongororwa kwezvichemo nezve kukuvadzwa kweperiodic kumatura kudhawunirodha pamusoro petiweki pane sisitimu inodhawunirodha mafaera akamanikidzwa kubva kune yekutema matanda (37 inokuvadza mumwedzi mitatu pane yakarodha sisitimu), iyo yakagadzirwa uchishandisa splice () mashandiro uye mapaipi asina kudomwa.

Kunetseka yanga ichiratidza kubvira Linux kernel vhezheni 5.8, yakaburitswa muna Nyamavhuvhu 2020.

Takaona imwe nzira yatinogona kutaura nayo kuti iripo muDebian 11 asi haikanganise base kernel muUbuntu 20.04 LTS, nepo RHEL 8.x uye openSUSE/SUSE 15 kernels idzo dzakatangira pamatavi ekare, asi zvinogoneka. kuti shanduko inokonzera dambudziko yakaendeswa kwavari (hapana chaiyo data parizvino).

Kusagadzikana kunokonzerwa nekushaikwa kwekutanga kukosha kwe "buf-> mireza" mune kodhi yemabasa copy_page_to_iter_pipe() uye push_pipe(), kunyangwe ndangariro isiri kucheneswa kana chimiro chapihwa, uye nemamwe manipulations asina kudomwa zita. mapaipi, "buf-> mireza" inogona kunge iine kukosha kubva kune kumwe kushanda. Nechinhu ichi, mushandisi wemuno asina rusaruro anogona kuwana kutaridzika kwePIPE_BUF_FLAG_CAN_MERGE kukosha mumureza, zvichivabvumira kunyora pamusoro pe data mucache yepeji nekunyora data nyowani kune imwe pombi yakanyatsogadzirirwa isina kudomwa zita.

kuitira kurwisa zvinogona kuitwa, unoda faira yakanangwa iyo inofanirwa kuverengeka uye sezvo kodzero dzekuwana dzisingatariswe paunenge uchinyorera pombi, kutsiva kunogona kuitwa pane cache peji, kunyangwe kune mafaera ari pakuverenga-chete zvikamu (semuenzaniso, kune c CD-ROM mafaera).

Neizvi, mushure mekutsiva ruzivo mune cache peji, iyo nzira, kana uchiverenga data kubva pafaira, haigamuchire data chaiyo, asi yakatsiviwa.

Izvo zvinotaurwa kuti iyo Dirty Pipe oparesheni inowira pasi kugadzira pombi isina kudomwa uye kuizadza nechero data kuti ubudirire kuseta PIPE_BUF_FLAG_CAN_MERGE mureza pane zvese zvimiro zvine chekuita nazvo.

Iyo data inozoverengwa kubva papombi, asi mureza unoramba wakaiswa pane ese epipe_buffer chimiro mupiipi_inode_info mhete zvimiro. Kufona ku splice() kunozoitwa kuti uverenge data kubva kufaira rekuenda kune pombi isina kudomwa zita, kutanga painodiwa offset. Paunenge uchinyora data kune iyi pombi isina kudomwa zita, PIPE_BUF_FLAG_CAN_MERGE mureza unodzima data iri mucache yepeji pane kugadzira chiitiko chitsva chepiipi_buffer chimiro.

Finalmente Kana iwe uchifarira kuziva zvakawanda nezvazvo, unogona kutarisa zvinyorwa mutsamba yekutanga Mune inotevera chinongedzo.

Zvakare, kana iwe uchifarira kukwanisa kutevera kana kuziva nezve kuburitswa kwezvinovandudzwa emapakeji mukugovera kukuru, unogona kuzviita kubva pamapeji aya: DebianSUSEUbuntuRHELFedoraGentooArchLinux.

Zvinonzi gadziriso yakarongwa yenjodzi inowanikwa muLinux Kernel shanduro 5.16.11, 5.15.25 uye 5.10.102 uye gadziriso yacho inosanganisirwa mukernel inoshandiswa pachikuva Android.


Izvo zviri muchinyorwa zvinoomerera pamisimboti yedu ye tsika dzekunyora. Kuti utaure chikanganiso tinya pano.

Iva wekutanga kutaura

Siya yako yekutaura

Your kero e havazobvumirwi ichibudiswa.

*

*

  1. Inotarisira data: AB Internet Networks 2008 SL
  2. Chinangwa cheiyo data: Kudzora SPAM, manejimendi manejimendi.
  3. Legitimation: Kubvuma kwako
  4. Kutaurirana kwedata
  5. Dhata yekuchengetedza: Dhatabhesi inobatwa neOccentus Networks (EU)
  6. Kodzero: Panguva ipi neipi iwe unogona kudzora, kupora uye kudzima ruzivo rwako