A technique for exploiting a vulnerability in the tty subsystem of the Linux kernel has been published.

Researchers from the Google Project Zero team have published a method for exploiting a vulnerability (CVE-2020-29661) in the implementation of the TIOCSPGRP ioctl handler in the tty subsystem of the Linux kernel, and have examined in detail the protection mechanisms that could block vulnerabilities of this kind.

The bug that causes the problem was fixed in the Linux kernel on December 3 of last year. The problem affects kernels up to version 5.9.13, but most distributions fixed it in kernel package updates released last year (Debian, RHEL, SUSE, Ubuntu, Fedora, Arch). A similar vulnerability (CVE-2020-29660) was found at the same time in the implementation of the TIOCGSID ioctl call, but it too has already been fixed everywhere.

The problem is caused by an error in how locks are taken, which leads to a race condition in the drivers/tty/tty_jobctrl.c code; the race was used to create a use-after-free condition that is exploited from user space by manipulating TIOCSPGRP ioctl calls. A working exploit for privilege escalation was demonstrated on Debian 10 with kernel 4.19.0-13-amd64.
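To make the bug class concrete, here is an added user-space model (not code from the article or from the Project Zero write-up) of the pattern the paragraph describes: a refcounted object reached through a shared pointer that is replaced and released by concurrent callers. The names `pid_obj`, `tty_obj`, `set_pgrp_locked` and `set_pgrp_unlocked` are hypothetical stand-ins and do not reproduce the kernel's actual code; the buggy variant is kept only for contrast with the correctly locked one, and the workload runs the locked variant and checks that every reference is balanced.

```c
#include <pthread.h>
#include <stdatomic.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical model of a refcounted kernel object (think struct pid) reached
 * through a shared pointer (think tty->pgrp). Constructed for illustration. */
struct pid_obj { atomic_int refs; };
struct tty_obj { pthread_mutex_t ctrl_lock; struct pid_obj *pgrp; };

static atomic_int live_objects;   /* number of pid_obj allocations currently alive */

static struct pid_obj *alloc_pid(void) {
    struct pid_obj *p = malloc(sizeof *p);
    if (!p) abort();
    atomic_init(&p->refs, 1);            /* the creator holds the first reference */
    atomic_fetch_add(&live_objects, 1);
    return p;
}

static struct pid_obj *get_pid(struct pid_obj *p) {
    if (p) atomic_fetch_add(&p->refs, 1);
    return p;
}

static void put_pid(struct pid_obj *p) {
    if (p && atomic_fetch_sub(&p->refs, 1) == 1) {   /* last reference dropped */
        atomic_fetch_sub(&live_objects, 1);
        free(p);
    }
}

/* BUGGY pattern: read, swap and release without holding the lock that guards
 * pgrp. Two concurrent callers can both read the same old pointer and both
 * put it, so the object is freed while still referenced (use-after-free).
 * Kept for contrast only; the workload below never calls it. */
void set_pgrp_unlocked(struct tty_obj *t, struct pid_obj *newp) {
    struct pid_obj *old = t->pgrp;
    t->pgrp = get_pid(newp);
    put_pid(old);
}

/* CORRECT pattern: the swap happens under the one lock that guards pgrp, so
 * exactly one caller detaches any given old pointer and drops its reference. */
static void set_pgrp_locked(struct tty_obj *t, struct pid_obj *newp) {
    struct pid_obj *old;
    pthread_mutex_lock(&t->ctrl_lock);
    old = t->pgrp;
    t->pgrp = get_pid(newp);
    pthread_mutex_unlock(&t->ctrl_lock);
    put_pid(old);   /* old is already detached; releasing it outside the lock is safe */
}

struct worker_arg { struct tty_obj *tty; int iters; };

static void *worker(void *arg) {
    struct worker_arg *w = arg;
    for (int i = 0; i < w->iters; i++) {
        struct pid_obj *p = alloc_pid();   /* caller's own reference */
        set_pgrp_locked(w->tty, p);        /* the tty takes its own reference */
        put_pid(p);                        /* drop the caller's reference */
    }
    return NULL;
}

/* Runs `threads` concurrent setters against one tty, then tears down.
 * Returns the number of pid_obj still alive: 0 means every get/put was
 * balanced, i.e. no leak and no premature free. */
int run_locked_workload(int threads, int iters) {
    struct tty_obj tty = { PTHREAD_MUTEX_INITIALIZER, NULL };
    pthread_t *ids = malloc(sizeof *ids * (size_t)threads);
    struct worker_arg arg = { &tty, iters };
    if (!ids) abort();
    for (int i = 0; i < threads; i++) pthread_create(&ids[i], NULL, worker, &arg);
    for (int i = 0; i < threads; i++) pthread_join(ids[i], NULL);
    put_pid(tty.pgrp);   /* drop the tty's final reference */
    tty.pgrp = NULL;
    free(ids);
    return atomic_load(&live_objects);
}

int main(void) {
    printf("live objects after locked workload: %d\n", run_locked_workload(4, 20000));
    return 0;
}
```

The point of the contrast is that the reference count alone does not protect the object: what matters is that the read-and-replace of the shared pointer is serialized by the lock that every path to that pointer uses, so that the detached reference is dropped exactly once.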

At the same time, the published article focuses not so much on the technique of building a working exploit as on what tools the kernel has for protecting against vulnerabilities of this kind. The conclusion is not reassuring: methods such as segregating allocations in the heap and controlling access to memory after it has been freed are not used in practice because they degrade performance, and CFI (Control Flow Integrity) protection, which can block exploitation in the later stages of an attack, needs improvement.

Looking at what would make a difference in the long term, the most promising options are advanced static analyzers or memory-safe languages such as Rust, or C with richer annotations (such as Checked C) so that the state of locks, objects and pointers can be checked at build time. Protection methods also include enabling panic_on_oops mode, switching kernel structures to read-only, and restricting access to system calls with mechanisms such as seccomp.

source: budenet.ru
