Researchers from the Google Project Zero team recently published a blog post describing a new technique for exploiting a vulnerability (CVE-2020-29661) in the implementation of the TIOCSPGRP ioctl handler in the Linux kernel tty subsystem, together with a detailed look at the protection mechanisms that could have prevented this vulnerability.
The post explains that the problem is caused by an error in the locking scheme, which leads to a race condition in the code of /tty/tty_jobctrl.c; this race was used to create a use-after-free condition in kernel memory, triggered from user space by calling the TIOCSPGRP ioctl.
In addition to the published information, a working exploit for privilege escalation was also demonstrated on Debian 10 with kernel 4.19.0-13-amd64, and it is not ruled out that it could affect various distributions, certainly including those based on or derived from Debian.
Most of the individual exploitation techniques and mitigation methods I describe here are not novel. However, I think it is worth writing them up together to show how different mitigations interact with a fairly ordinary use-after-free exploit.
The code snippets in this blog post that are relevant to the exploit are taken from upstream version 4.19.160, since that is what the targeted Debian kernel is based on; other code snippets come from the Linux mainline.
At the same time, the published article places its emphasis not so much on how to build a working exploit as on which mechanisms exist in the kernel to protect against such vulnerabilities.
The conclusion is disappointing: it notes that techniques such as heap memory partitioning and controlling access to freed memory are not used in production because they degrade performance, and that CFI (Control Flow Integrity) based protection, which blocks exploitation at later stages of an attack, still needs improvement.
A special kind of terminal device is the pseudo-terminal, which is used when, for example, you open a terminal application in a graphical environment or connect to a remote machine over SSH. While other terminal devices are attached to some kind of hardware, both ends of a pseudo-terminal are controlled by user space, and pseudo-terminals can be created freely (without privileges) by user space.
Whenever /dev/ptmx (short for "pseudo-terminal multiplexer") is opened, the resulting file descriptor represents the device side (referred to in the documentation and the kernel sources as the "master pseudo-terminal") of a pseudo-terminal.
The corresponding terminal device (the one a shell usually connects to) is created automatically by the kernel under /dev/pts/.
Looking at what could make a difference in the long run, the emphasis is on using static analyzers or memory-safe languages such as Rust and C dialects with additional annotations (such as Checked C) for state checks, locks, objects and pointers. The protection measures also mention enabling panic_on_oops mode, making kernel structures read-only, and restricting access to system calls through mechanisms such as seccomp.
The bug causing the problem was fixed in the Linux kernel on 3 December of last year. The problem affects kernels before version 5.9.13, but most distributions have already fixed it in the kernel package updates shipped last year.
A similar vulnerability (CVE-2020-29660), found at the same time in the implementation of the TIOCGSID ioctl call, is also mentioned, but it has already been eliminated everywhere.
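As an added example (not code from the Project Zero post or from the Linux kernel), this is a seccomp-BPF filter of the kind the mitigation list refers to: it returns EPERM for any ioctl(TIOCSPGRP) call, so a sandboxed process can never reach the handler in tty_jobctrl.c, and it includes a small interpreter for the filter's own opcodes so the verdicts can be checked offline without installing it. The names `filter_verdict`, `install_tiocspgrp_filter` and `THIS_ARCH` are my own.

```c
#include <errno.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <stddef.h>
#include <sys/ioctl.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#if defined(__x86_64__)
#define THIS_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define THIS_ARCH AUDIT_ARCH_AARCH64
#else
#error "set THIS_ARCH to the AUDIT_ARCH_* value of this architecture"
#endif
/* Kill on a foreign ABI, deny ioctl(TIOCSPGRP) with EPERM, allow everything else. */
static struct sock_filter filt[] = {
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, THIS_ARCH, 1, 0),          /* arch ok -> skip kill */
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_ioctl, 0, 3),         /* not ioctl -> allow */
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[1])),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, TIOCSPGRP, 0, 1),          /* other request -> allow */
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA)),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
};
/* Minimal cBPF interpreter for the three opcode forms used above; returns a SECCOMP_RET_* value. */
__u32 filter_verdict(int nr, __u64 ioctl_request)
{
    struct seccomp_data d = { .nr = nr, .arch = THIS_ARCH, .args = { 0, ioctl_request } };
    __u32 acc = 0;
    for (size_t pc = 0; pc < sizeof(filt) / sizeof(filt[0]); pc++) {
        if (filt[pc].code == (BPF_LD | BPF_W | BPF_ABS))
            acc = *(const __u32 *)((const char *)&d + filt[pc].k);   /* load 32-bit field */
        else if (filt[pc].code == (BPF_JMP | BPF_JEQ | BPF_K))
            pc += (acc == filt[pc].k) ? filt[pc].jt : filt[pc].jf;  /* offset from next insn */
        else if (filt[pc].code == (BPF_RET | BPF_K))
            return filt[pc].k;
    }
    return SECCOMP_RET_KILL_PROCESS; /* fell off the end: fail closed */
}
/* Install the filter in the calling process (inherited by its children); 0 on success. */
int install_tiocspgrp_filter(void)
{
    struct sock_fprog prog = { .len = sizeof(filt) / sizeof(filt[0]), .filter = filt };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1; /* needed for unprivileged install */
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}
```

Job control in an interactive shell depends on TIOCSPGRP, so a filter like this belongs on service or sandbox workloads that never need it, where removing the ioctl takes the vulnerable handler out of reach entirely.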
Finally, if you are interested in learning more about it, you can check the details at the following link.