Dirty Pipe: a vulnerability that allows data to be overwritten

News recently broke that a vulnerability had been identified in the Linux kernel. It has been catalogued as CVE-2022-0847 and named "Dirty Pipe".

This vulnerability, dubbed "Dirty Pipe", allows overwriting the page cache contents of any file, including files set to read-only, opened with the O_RDONLY flag, or located on file systems mounted read-only.

In practical terms, the vulnerability can be used to inject code into arbitrary processes or to corrupt data in open files. For example, you can change the contents of the authorized_keys file for the sshd process.

About Dirty Pipe

It is similar to the critical Dirty COW vulnerability identified in 2016, and Dirty Pipe is rated at the same level of danger as Dirty COW, but it is much easier to exploit.

Dirty Pipe was identified during the analysis of complaints about periodic corruption of archives downloaded over the network on a system that downloads compressed files from a logging server (37 corruptions in 3 months on a loaded system). The archives were prepared using the splice() operation and unnamed pipes.

The vulnerability has been present since Linux kernel version 5.8, released in August 2020.

Put another way, it is present in Debian 11 but does not affect the base kernel in Ubuntu 20.04 LTS, while the RHEL 8.x and openSUSE/SUSE 15 kernels are based on older branches, although it is possible that the change causing the problem has been backported to them (there is no exact data yet).

The vulnerability is caused by the lack of initialization of the "buf->flags" value in the code of the copy_page_to_iter_pipe() and push_pipe() functions, even though memory is not cleared when the structure is allocated, so with certain manipulations of unnamed pipes "buf->flags" may contain a value left over from another operation. With this, an unprivileged local user can get the PIPE_BUF_FLAG_CAN_MERGE value to appear in the flag, which lets them overwrite data in the page cache by writing new data to a specially prepared unnamed pipe.

For the attack to be carried out, you need a target file that must be readable, and since access rights are not checked when writing to the pipe, the replacement can be made in the page cache even for files located on read-only partitions (for example, for files on a CD-ROM).

As a result, after the information in the page cache has been replaced, a process reading data from the file will receive not the real data but the replaced data.

It is mentioned that Dirty Pipe exploitation boils down to creating an unnamed pipe and filling it with arbitrary data so that the PIPE_BUF_FLAG_CAN_MERGE flag is set in all the ring structures associated with it.

The data is then read from the pipe, but the flag remains set in all instances of the pipe_buffer structure in the pipe_inode_info ring structures. A call to splice() is then made to read data from the target file into the unnamed pipe, starting at the required offset. When data is written to this unnamed pipe, the PIPE_BUF_FLAG_CAN_MERGE flag causes the data in the page cache to be overwritten instead of a new instance of the pipe_buffer structure being created.

Finally, if you are interested in knowing more about it, you can check the details in the original note at the following link.

Also, if you are interested in following or learning about the publication of package updates in the main distributions, you can do so from these pages: Debian, SUSE, Ubuntu, RHEL, Fedora, Gentoo, Arch Linux.

It is mentioned that the proposed fix for the vulnerability is available in Linux kernel versions 5.16.11, 5.15.25 and 5.10.102, and the fix is also included in the kernel used on the Android platform.
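As an added example (not from the original article or from the kernel project), the following Python sketch classifies a `uname -r` style release string against the versions named above: introduced in 5.8, fixed in 5.10.102, 5.15.25 and 5.16.11. The function names and status labels are hypothetical, and treating 5.17 and later as fixed is an assumption of this example.

```python
import platform
import re

# Versions stated in the article: bug present since 5.8; fixed in these stable releases.
INTRODUCED = (5, 8)
FIXED = {(5, 10): 102, (5, 15): 25, (5, 16): 11}


def parse_release(release):
    """Turn a `uname -r` style string into (major, minor, patch)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return int(m[1]), int(m[2]), int(m[3] or 0)


def dirty_pipe_status(release):
    """Classify an upstream kernel version against CVE-2022-0847."""
    major, minor, patch = parse_release(release)
    series = (major, minor)
    if series < INTRODUCED:
        return "not-affected"          # predates the 5.8 change (upstream only)
    if series in FIXED:
        return "fixed" if patch >= FIXED[series] else "vulnerable"
    if series > max(FIXED):
        return "fixed"                 # assumption: 5.17 and later carry the fix
    return "vulnerable"                # 5.8-5.16 series with no fixed release listed


if __name__ == "__main__":
    # Constructed sample release strings, followed by the running kernel.
    for rel in ["5.4.0-100-generic", "5.10.101", "5.10.102", "5.16.11-arch1", platform.release()]:
        try:
            print(f"{rel:28} {dirty_pipe_status(rel)}")
        except ValueError as exc:
            print(f"{rel:28} {exc}")
```

The result reflects upstream version numbering only. Distribution kernels may backport either the problematic change or the fix, and some report an ABI name rather than the real patch level, so a vendor advisory remains the authority for a packaged kernel.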

