Vulnerability found in the Linux kernel tty subsystem

Researchers from the Google Project Zero team recently published a blog post describing a new method of exploiting a vulnerability (CVE-2020-29661) in the implementation of the TIOCSPGRP ioctl handler in the Linux kernel tty subsystem, along with a detailed look at the protection mechanisms that could block such vulnerabilities.

The post states that the problem is caused by a locking error that leads to a race condition in the code of /tty/tty_jobctrl.c. The race can be used to create conditions in which memory is accessed after it has been freed (use-after-free), and it can be triggered from user space through ioctl manipulation, by calling TIOCSPGRP.

In addition to the published information, a working exploit was demonstrated for privilege escalation on Debian 10 with kernel 4.19.0-13-amd64, and it is not ruled out that the issue may affect various other distributions, including those based on and derived from Debian.

Many of the exploitation techniques and mitigation options that I describe here are not novel. However, I think it is worth writing them up together to show how various mitigations interact with a fairly typical use-after-free exploit.

The code snippets in this blog post that are relevant to the exploit are taken from the earlier version 4.19.160, since that is what the Debian kernel is based on; some other code snippets are from Linux mainline.

At the same time, the emphasis of the published article is not so much on the technique for building a working exploit as on which tools exist in the kernel to protect against such vulnerabilities.

The conclusion is disappointing: it is stated that methods such as segmenting heap memory and controlling access to memory after it has been freed are not used in practice because they degrade performance, and that protection based on CFI (Control Flow Integrity), which blocks exploits in the later stages of an attack, needs improvement.

A special type of terminal device is the pseudo-terminal, which is used when, for example, you open a terminal application in a graphical environment or connect to a remote machine via SSH. While other terminal devices are connected to some kind of hardware, both ends of a pseudo-terminal are controlled by user space, and pseudo-terminals can be created freely by user space (without privileges).

Whenever /dev/ptmx (short for "pseudo-terminal multiplexer") is opened, the resulting file descriptor represents the device side (referred to in the documentation and the kernel sources as "the pseudo-terminal master") of a new pseudo-terminal.

The corresponding terminal device (to which a shell normally connects) is created automatically by the kernel under /dev/pts/ .

Looking at what could make a difference in the long run, the emphasis is on using advanced static analyzers, or on using memory-safe languages such as Rust and C dialects with extended annotations (such as Checked C), to build checkers for state, locks, objects and pointers. The protection methods discussed also include enabling the panic_on_oops mode, making kernel structures read-only, and restricting access to system calls through mechanisms such as seccomp.

The error causing the problem was fixed in the Linux kernel on December 3 of last year. The problem manifests itself in kernels before version 5.9.13, but most distributions fixed it in kernel package updates released last year.

A similar vulnerability (CVE-2020-29660) is also mentioned; it was found at the same time in the implementation of the TIOCGSID ioctl call, and it has likewise been fixed everywhere.

Finally, if you are interested in knowing more about it, you can check the details at the following link.

