Vulnerability in the eBPF subsystem that allows code execution at the Linux kernel level

A vulnerability (CVE-2021-4204) has been identified in the eBPF subsystem, which lets you run handlers inside the Linux kernel in a special virtual machine with JIT. It allows a local unprivileged user to escalate privileges and execute their code at the Linux kernel level. The problem has been present since Linux kernel 5.8 and remains unfixed (including release 5.16). The status of the updates being produced to fix the problem in distributions can be tracked on these pages: Debian, RHEL, SUSE, Fedora, Ubuntu, Arch. It has been announced that a working exploit has been created, which is planned to be published on January 18 (users and developers have been given a week to fix the vulnerability).

The vulnerability is caused by incorrect verification of eBPF programs passed for execution. The eBPF subsystem provides helper functions, whose correct use is checked by a special verifier. Some functions require a PTR_TO_MEM value to be passed as an argument, and to prevent possible buffer overflows the verifier must know the size of the memory associated with that argument. For the bpf_ringbuf_submit and bpf_ringbuf_discard functions, information about the size of the memory being passed was not reported to the verifier, which could be used to overwrite memory areas beyond the buffer boundary when executing specially crafted eBPF code.

To carry out the attack, the user must be able to load their own BPF program, and many recent Linux distributions block this ability by default (in addition, access to eBPF is now prohibited by default in the kernel itself, starting with release 5.16). For example, the vulnerability can be exploited in the default configuration of Ubuntu 20.04 LTS, but in Ubuntu 22.04-dev, Debian 11, openSUSE 15.3, RHEL 8.5, SUSE 15-SP4 and Fedora 33 it appears only if the administrator has set the kernel.unprivileged_bpf_disabled parameter to 0. As a workaround to block the vulnerability, you can prohibit the execution of BPF programs by unprivileged users with the command "sysctl -w kernel.unprivileged_bpf_disabled=1".
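The two conditions given above (kernel 5.8 or later, and kernel.unprivileged_bpf_disabled set to 0) can be checked on a host as follows. This is an added example, not part of the original article: the function names classify and report_host are hypothetical, the version test cannot see distribution backports, and the sysctl value 2 (disabled, but an administrator may re-enable it) is a kernel setting the article does not mention.

```shell
#!/bin/sh
# Added example (not from the article): exposure triage for CVE-2021-4204.
# Uses only the two conditions the article states: kernel >= 5.8 and
# kernel.unprivileged_bpf_disabled = 0. Distribution backports are not detected.

# classify RELEASE SYSCTL_VALUE -> prints one verdict word
classify() {
    release=$1
    value=$2
    ver=${release%%[!0-9.]*}            # "5.13.0-27-generic" -> "5.13.0"
    case $ver in
        *.*) ;;
        *) echo unknown; return 0 ;;    # no major.minor to compare
    esac
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    if [ -z "$major" ] || [ -z "$minor" ]; then
        echo unknown
        return 0
    fi
    # The article says the flaw appears starting with kernel 5.8.
    if [ "$major" -lt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -lt 8 ]; }; then
        echo older-than-5.8
        return 0
    fi
    case $value in
        0)   echo exposed ;;      # unprivileged users may load BPF programs
        1|2) echo mitigated ;;    # 1 = locked until reboot, 2 = admin may re-enable
        *)   echo unknown ;;      # sysctl unreadable or unexpected value
    esac
}

# Report for the running host; the verdict is "unknown" when /proc is restricted.
report_host() {
    f=/proc/sys/kernel/unprivileged_bpf_disabled
    value=missing
    if [ -r "$f" ]; then
        value=$(cat "$f")
    fi
    release=$(uname -r)
    echo "kernel=$release unprivileged_bpf_disabled=$value verdict=$(classify "$release" "$value")"
}

report_host
```

A verdict of "exposed" means only that the preconditions described in the article are met; whether the kernel package already carries a fix has to be confirmed against the distribution's advisory.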

source: budenet.ru
