Muva nje enye inkinga yadalulwa kusistimu engaphansi ye-AF_PACKET ye-Linux kernel, okuyi ivumela umsebenzisi ongenalungelo lendawo ukusebenzisa ikhodi njengezimpande noma uphume iziqukathi ezingazodwa uma zinokufinyelela kwezimpande.
Imininingwane ekhishwe ibalula ukuthi igunya le-CAP_NET_RAW liyadingeka ukudala isokhethi le-AF_PACKET futhi lisizakalise ubungozi.
Kodwa-ke, kuyaziwa ukuthi umsebenzisi ongenamalungelo angathola imvume kucacisiwe kuziqukathi ezakhiwe kumasistimu anezikhala zamagama zomsebenzisi ezinikwe amandla.
Isibonelo, izikhala zamagama abasebenzisi zifakiwe ngokuzenzakalela ku-Ubuntu naseFedora, kepha azivunyelwe ku-Debian nase-RHEL. Ngenkathi ku-Android, inqubo ye-mediaerver inelungelo lokwenza amasokhethi e-AF_PACKET, lapho kungasetshenziswa khona ubungozi.
Mayelana nokuba sengozini ku-AF_PACKET
Ukuba sengozini kukhona emsebenzini we-tpacket_rcv futhi kudalwa yiphutha ekubalweni kokuguquguqukayo kwe-netoff.
Umhlaseli angadala izimo ngaphansi kwayo izobhala inani elingaphansi kwe-maclen kokuguquguqukayo kwe-netoff, okuyi kuzodala ukugcwala ngokubala i- "macoff = netoff-maclen" bese ukwenza kanjalo kungasetha ngokungafanele isikhombi kubhafa yedatha engenayo.
Ngenxa yalokho, umhlaseli angaqala ukubhala kusuka ku-1 kuye ku-10 amabhayithi aye endaweni engaphandle kwebhafa ebelwe.
Ukubalwa okungalungile bekukhona ku-kernel kusukela ngoJulayi 2008, okusho ukuthi, kuwo wonke ama-kernels amanje, kepha amandla esaziwa manje okuwasebenzisela ukubhala endaweni engaphandle kwe-buffer eyabelwe (ukuba sengozini) kungenzeka ukuthi yethulwa ngoFebhuwari kusuka ngo-2016 (kusuka ku-kernel izinhlobo 4.6-rc1 nangemva kwalokho), ngokwakhiwa kwe-virtio_net support.
Ngokuqondene nekhambi lenkinga lisatholakala njengesiqeshana. Ngaphezu kweqiniso lokuthi, ngakolunye uhlangothi, kuyabonakala ukuthi kwenziwa ukuxhaphaza okuvumela ukuthola amalungelo empande kuhlelo.
Kulabo abanentshisekelo yokwazi ukuthi ngabe ukulungiswa sekuvele kutholakala ukusatshalaliswa kwabo, bangalandelela ukuvela kwezibuyekezo zephakeji ekusabalalisweni okuhlukile emakhasini alandelayo: Ubuntu, Fedora, SUSE, Debian, RHEL, Arch.
Ukusekelwa kokubhalwa kombhalo kwekhonsoli yombhalo kususiwe
Ngakolunye uhlangothi kukhulunywa nge-Linux kernel, kumenyezelwe futhi ukuthi ikhodi yokupheqa umbhalo isusiwe ekufakweni kwekhonsoli yombhalo ku-Linux kernel (CONFIG_VGACON_SOFT_SCROLLBACK).
Ikhodi isuswe ngenxa yokuba khona kwezimbungulu, okwakungekho noyedwa owayengayilungisa ngenxa yokushoda kwemenenja eyengamela ukuthuthukiswa kwe-vgacon.
Futhi yilokho ezinyangeni ezimbalwa ezedlule kwatholwa ukuba sengozini futhi kwalungiswa ku-vgacon (I-CVE-2020-14331) engadala ukugcwala kwe-buffer ngenxa yokushoda kwamasheke atholakalayo ememori ku-buffer yokuphenya. Ukuba sengozini kudonse ukunaka konjiniyela Ohlele izivivinyo ezingekho kahle zekhodi ye-vgacon ku-syzbot.
Ngaphandle kwalokho ukuqinisekiswa okwengeziwe kuveze ezinye izinkinga eziningi Kuyafana kukhodi ye-vgacon, kanye nezinkinga zokufaka isoftware yokuhamba kusilawuli se-fbcon.
Ngeshwa ikhodi yenkinga ishiywe inganakiwe isikhathi eside, mhlawumbe ngenxa yokuthi abathuthukisi bashintshele ekusebenziseni induduzo yokuqhafaza nemibhalo yokududuza yombhalo bayeka ukusetshenziswa (abantu bayaqhubeka nokusebenzisa izikhombisi ze-vgacon ne-fbcon, kepha bekungeyona isikhombimsebenzisi esiyinhloko se-kernel amashumi eminyaka futhi basabalalise imisebenzi efana nokulawula ukuskrola okwakhelwe ngaphakathi (Shift + PgUp / PgUp) kungenzeka ifunwa kancane).
Ngalesi sizathu, ILinus Torvalds inqume ukungazami ukugcina ikhodi engafunwanga, kepha mane usule.
Ekugcineni, kuyashiwo ukuthi uma kukhona abasebenzisi abadinga lokhu kusebenza, ikhodi yokuxhasa ukuskrola kukhonsoli izobuyiselwa ku-kernel ngokushesha nje lapho kukhona umlondolozi olungele noma ofuna ukuphatha ukuyiphatha ngokwabo hands, okungukuthi, ukuphela komuntu ofuna ukunikezela isikhathi kuso.