Vulnerability in Firejail allows root access to the system

A vulnerability (CVE-2022-31214) has been identified in the Firejail application isolation utility that allows a local user to gain root privileges on the host system. A working exploit is publicly available and has been tested on current releases of openSUSE, Debian, Arch, Gentoo and Fedora with the firejail utility installed. The issue is fixed in the Firejail 0.9.70 release. As a workaround, you can set the parameters "join no" and "force-nonewprivs yes" in the configuration file (/etc/firejail/firejail.config).

Firejail uses namespaces, AppArmor and system call filtering (seccomp-bpf) in Linux for isolation, but it requires elevated privileges to set up the isolated execution environment, which it obtains by being installed as a setuid-root utility or by running under sudo. The vulnerability is caused by an error in the logic of the "--join=" option, which is intended for connecting to an already running isolated environment (similar to a login command for a sandbox environment), with the environment identified by the ID of a process running inside it. In the initial stage, before privileges are dropped, firejail determines the privileges of the specified process and applies them to the new process that is attached to the environment with the "--join" option.

Before attaching, it checks whether the specified process is running in a firejail environment. This check evaluates the presence of the file /run/firejail/mnt/join. To exploit the vulnerability, an attacker can simulate a fictitious, non-isolated firejail environment using a mount namespace and then connect to it using the "--join" option. If the settings do not enable the mode that prohibits gaining additional privileges in new processes (prctl NO_NEW_PRIVS), firejail will attach the user to the fictitious environment and try to apply the user namespace settings of the init process (PID 1).

As a result, the process attached via "firejail --join" ends up in the user's original user namespace with unchanged privileges, but in a different mount namespace that is fully controlled by the attacker. The attacker can also execute setuid-root programs in the mount namespace they created, which makes it possible, for example, to change the /etc/sudoers settings or PAM parameters in their own file hierarchy and gain the ability to execute commands with root rights using the sudo or su utilities.
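
An added example, not part of the original article or the Firejail project: a shell audit that reports whether a host is covered by the fixed release (0.9.70) or by the two workaround settings named above. It assumes firejail.config uses `key value` lines with `#` comments and that the last assignment of a key wins; the function names are hypothetical, and `sort -V` is a GNU/BusyBox extension.

```shell
#!/bin/sh
# Added example: audit for the CVE-2022-31214 fix or workaround.
# Assumption: firejail.config holds "key value" lines, '#' starts a comment,
# and the last uncommented assignment of a key is the effective one.

# Print the effective value of key $2 in config file $1 (empty if unset).
fj_setting() {
    awk -v key="$2" '
        { sub(/#.*/, "") }         # strip comments, fields are re-split
        $1 == key { val = $2 }     # remember the last assignment
        END { print val }
    ' "$1"
}

# Return 0 if version $1 is 0.9.70 (the fixed release) or newer.
fj_version_fixed() {
    lowest=$(printf '%s\n%s\n' "$1" "0.9.70" | sort -V | head -n 1)
    [ "$lowest" = "0.9.70" ]
}

# Return 0 only when both workaround settings are explicitly set.
# A commented-out or missing key counts as not applied.
fj_workaround_applied() {
    [ "$(fj_setting "$1" join)" = "no" ] &&
        [ "$(fj_setting "$1" force-nonewprivs)" = "yes" ]
}

# fj_audit VERSION CONFIG: 0 = fixed or mitigated, 1 = exposed.
fj_audit() {
    if fj_version_fixed "$1"; then
        echo "fixed: firejail $1 includes the fix"; return 0
    fi
    if fj_workaround_applied "$2"; then
        echo "mitigated: join no + force-nonewprivs yes in $2"; return 0
    fi
    echo "exposed: firejail $1 without workaround in $2"; return 1
}

# Constructed sample (not from a real host): workaround only half applied.
sample=$(mktemp)
printf '%s\n' '# join yes' 'join no' '# force-nonewprivs no' > "$sample"
fj_audit "0.9.68" "$sample" || true
rm -f "$sample"
```

On a real host, pass the installed version and /etc/firejail/firejail.config to `fj_audit`; a non-zero exit status means neither the fix nor the workaround is in place.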

source: budenet.ru
