Muva nje izindaba zikuqedile lokho ubungozi buphawulwe ku-Linux kernel futhi esevele ifakwe kukhathalogi ngaphansi kwe-CVE-2022-0847 futhi abayiqambe ngokuthi "Ipayipi Elingcolile".
Lokhu kuba sengozini okubizwa ngokuthi "Ipayipi Elingcolile"ivumela ukubhala ngaphezulu okuqukethwe kwenqolobane yekhasi lanoma yiliphi ifayela, okuhlanganisa nalawo asethelwe ekufundeni kuphela, avulwe ngefulegi le-O_RDONLY, noma atholakala kumasistimu wefayela agxunyekwe ngokufundwa kuphela.
Ngasohlangothini olungokoqobo, ukuba sengozini ingasetshenziswa ukufaka ikhodi kuzinqubo ezingenangqondo noma onakalisa idatha kumafayela avuliwe. Isibonelo, ungashintsha okuqukethwe kwefayela eligunyazwe_okhiye kunqubo ye-sshd.
Mayelana Nepayipi Elingcolile
Kuyafana nokuba sengozini okubucayi INKOMA Engcolile ekhonjwe ngo-2016 futhi Ipayipi Elingcolile kuthiwa lisezingeni elifanayo neNKOMO Engcolile ngokwengozi, kodwa ukuthi lena kulula kakhulu ukuyisebenzisa.
Ipayipi Elingcolile likhonjwe ngesikhathi kuhlaziywa izikhalo mayelana nokulimala ngezikhathi ezithile ezinqolobaneni kulandwe ngenethiwekhi kusistimu elanda amafayela acindezelwe esuka kuseva yokugawula (37 umonakalo ezinyangeni ezi-3 ohlelweni olulayishiwe), alungiswe kusetshenziswa ukusebenza kwe-splice() kanye namapayipi angashiwongo.
Ukuba sengozini ibilokhu ibonakala kusukela inguqulo ye-Linux kernel 5.8, ekhishwe ngo-Agasti 2020.
Sibone enye indlela esingasho ngayo ukuthi ikhona ku-Debian 11 kodwa ayithinti i-base kernel ku-Ubuntu 20.04 LTS, kuyilapho i-RHEL 8.x ne-openSUSE/SUSE 15 kernels esekelwe ekuqaleni emagatsheni amadala, kodwa kungenzeka. ukuthi ushintsho oludala inkinga ludluliselwe kubo (ayikho idatha eqondile okwamanje).
Ukuba sengozini kungenxa yokuntuleka kokuqaliswa kwevelu elithi "buf->flags" kukhodi yemisebenzi copy_page_to_iter_pipe() kanye push_pipe(), ngaphandle kokuthi inkumbulo ingasulwa lapho isakhiwo sabiwe, kanye nokukhohlisa okuthile okungashiwongo ngamagama. amapayipi, "buf->amafulegi" angase aqukathe inani eliphuma komunye umsebenzi. Ngalesi sici, umsebenzisi wasendaweni ongenamalungelo angakwazi ukufinyelela ukubonakala kwevelu engu-PIPE_BUF_FLAG_CAN_MERGE kufulegi, okumvumela ukuthi abhale phezu kwedatha kunqolobane yekhasi ngokumane abhale idatha entsha epayipini elilungiselelwe ngokukhethekile elingashiwongo.
ngokuhlaselwa kungenziwa, udinga ifayela eliqondiwe okufanele lifundeke futhi njengoba amalungelo okufinyelela engahloliwe lapho ubhalela ipayipi, ukushintshwa kungenziwa kunqolobane yekhasi, ngisho namafayela atholakala kuma-partitions okufunda kuphela (isibonelo, kumafayela e-CD-ROM).
Ngalokhu, ngemva kokufaka imininingwane ku-cache yekhasi, inqubo, lapho ufunda idatha kusuka kufayela, ngeke ithole idatha yangempela, kodwa eshintshiwe.
Kushiwo lokho ukusebenza Kwepayipi Elingcolile kubilisa ekudaleni ipayipi elingashiwongo futhi ligcwalise ngedatha engafanele ukuze kuzuzwe ukusetha ifulegi le-PIPE_BUF_FLAG_CAN_MERGE kuzo zonke izakhiwo zamaringi ahlobene nalo.
Idatha ibe isifundwa epayipini, kodwa ifulegi lihlala lisethwe kuzo zonke izimo zesakhiwo se-pipe_buffer kuzakhiwo zendandatho yepayipi_inode_info. Kubizelwa i-splice() ukuze kufundwe idatha esuka efayeleni okuyiwa kuyo iye epayipini elingashiwongo igama, kuqalwa lapho kudingeka khona. Lapho ubhala idatha kuleli payipi elingashiwongo, ifulegi le-PIPE_BUF_FLAG_CAN_MERGE lizosula idatha kunqolobane yekhasi esikhundleni sokudala isenzakalo esisha sesakhiwo se-pipe_buffer.
Okokugcina Uma unesifiso sokwazi okwengeziwe ngakho, ungabheka imininingwane kunothi lokuqala Kulesi sixhumanisi esilandelayo.
Futhi, uma unentshisekelo ku ukwazi ukulandela noma ukwazi mayelana nokushicilelwa kwezibuyekezo wamaphakheji ekusabalazweni okukhulu, ungakwenza kusuka kulawa makhasi: Debian, SUSE, Ubuntu, RHEL, Fedora, I-Gentoo, I-Arch Linux.
Kushiwo ukuthi ukulungiswa okuhlongozwayo kokuba sengozini kuyatholakala kuzinguqulo ze-Linux Kernel 5.16.11, 5.15.25 kanye no-5.10.102 futhi ukulungisa kuphinde kufakwe ku-kernel esetshenziswa kuplathifomu ye-Android.