A vulnerability (CVE-2023-0386) has been identified in the Linux kernel's implementation of the OverlayFS file system. It can be exploited to gain root access on systems where the FUSE subsystem is installed and mounting of OverlayFS partitions by an unprivileged user is allowed (starting with Linux kernel 5.11, with unprivileged user namespaces enabled). The problem is fixed in the 6.2 kernel branch. The publication of package updates in distributions can be tracked on the following pages: Debian, Ubuntu, Gentoo, RHEL, SUSE, Fedora, Arch.
The attack is carried out by copying files with setgid/setuid flags from a partition mounted in nosuid mode to an OverlayFS partition whose layer is associated with a partition that allows execution of suid files. The vulnerability is similar to CVE-2021-3847, identified in 2021, but has lower exploitation requirements. The earlier issue required manipulation of xattrs, which are restricted when user namespaces are used, whereas the new issue relies on the setgid/setuid bits, which receive no special handling in user namespaces.
Attack algorithm:
- The FUSE subsystem is used to mount a file system containing a root-owned executable file with setuid/setgid flags that is writable by all users. When mounting, FUSE sets the "nosuid" mode.
- User namespaces are unshared.
- OverlayFS is mounted using the previously created FUSE file system as the lower layer and a writable directory as the upper layer. The upper directory must reside on a file system that is not mounted with the "nosuid" flag.
- Using the touch utility, the modification time of the suid file in the FUSE partition is changed, which causes it to be copied up to the upper OverlayFS layer.
- During the copy-up, the kernel does not strip the setgid/setuid flags, so the file ends up in a partition that allows setgid/setuid handling.
- To obtain root rights, it is enough to run the file with the setgid/setuid flags from the directory attached as the upper OverlayFS layer.
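As an added audit example (not from the original article or the kernel project), the following Python script parses a mount table in /proc/mounts format and flags the layout the steps above depend on: an overlayfs mount whose lower layer is a nosuid FUSE mount while its upper directory lives on a mount that still honours setuid bits. The mount table embedded below is constructed; on a real host, pass the contents of /proc/mounts to find_risky_overlays.

```python
# Constructed sample of /proc/mounts (not captured from a real host): the upper
# dir of /mnt/safe sits on a nosuid tmpfs, that of /mnt/risky on plain ext4.
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
fuse-demo /mnt/fuse fuse.demo rw,nosuid,nodev,relatime,user_id=1000 0 0
overlay /mnt/safe overlay rw,lowerdir=/mnt/fuse,upperdir=/tmp/upper,workdir=/tmp/work 0 0
overlay /mnt/risky overlay rw,lowerdir=/mnt/fuse,upperdir=/home/u/upper,workdir=/home/u/work 0 0
"""

def parse_mounts(text):
    # /proc/mounts fields: device mountpoint fstype options dump pass
    rows = [ln.split() for ln in text.splitlines() if len(ln.split()) >= 4]
    return [{"mnt": r[1], "fstype": r[2], "opts": set(r[3].split(","))} for r in rows]

def mount_for_path(mounts, path):
    # The longest mount point that is a prefix of path wins (handles nesting).
    best = None
    for m in mounts:
        mp = m["mnt"]
        if (path == mp or path.startswith(mp.rstrip("/") + "/")) and \
           (best is None or len(mp) > len(best["mnt"])):
            best = m
    return best

def overlay_layers(opts):
    # lowerdir may list several layers separated by ':'
    lower = [o[9:].split(":") for o in opts if o.startswith("lowerdir=")]
    upper = [o[9:] for o in opts if o.startswith("upperdir=")]
    return (lower[0] if lower else []), (upper[0] if upper else None)

def find_risky_overlays(text):
    """Return (overlay mountpoint, nosuid FUSE lowerdir, upperdir) triples."""
    mounts = parse_mounts(text)
    findings = []
    for m in mounts:
        if m["fstype"] != "overlay":
            continue
        lower, upper = overlay_layers(m["opts"])
        up = mount_for_path(mounts, upper) if upper else None
        if up is None or "nosuid" in up["opts"]:
            continue  # copy-up target cannot honour setuid: not the CVE layout
        for ld in lower:
            lm = mount_for_path(mounts, ld)
            if lm and lm["fstype"].startswith("fuse") and "nosuid" in lm["opts"]:
                findings.append((m["mnt"], ld, upper))
    return findings
```

A non-empty result means a setuid file copied up from the FUSE lower layer would land on a mount that honours setuid bits; the mitigation is the fixed kernel, and until then restricting unprivileged user namespaces or mounting the upper directory nosuid.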
Additionally, researchers from the Google Project Zero team have disclosed information about three vulnerabilities that were fixed in the mainline Linux 5.15 kernel but were not backported to the kernel packages in RHEL 8.x/9.x and CentOS Stream 9.
- CVE-2023-1252 - Use of an already-freed memory region in the ovl_aio_req structure during multiple simultaneous operations in OverlayFS deployed on top of Ext4. This vulnerability could potentially allow privilege escalation.
- CVE-2023-0590 - Use of an already-freed memory region in the qdisc_graft() function. Exploitation is expected to be limited to a crash.
- CVE-2023-1249 - A reference to an already-freed memory region in the coredump writing code, caused by a missing mmap_lock call in file_files_note. Exploitation is expected to be limited to a crash.
source: budenet.ru
