A vulnerability has been found in the Nix and Lix package managers that allows code execution with the privileges of a background process that runs as the root user on NixOS and in multi-user installations. The issue (no CVE assigned) affects the nix-daemon background process, which is used to give unprivileged users the ability to perform builds and to access the package store.
The vulnerability stems from the lack of a limit on recursive directory processing in the NAR (Nix Archive) parsing code. This can be used to exhaust the coroutine stack and overwrite the contents of the heap located after the stack, since there were no guard pages. Any user able to establish a connection to nix-daemon can exploit this issue. By default, all users have this ability, which allows them to escalate their privileges to root in multi-user Nix installations.
The issue was resolved by limiting the recursion depth to 64 nested directories, adding guard pages between the stack and the heap, and implementing additional checks for links in NAR. In Nix, the vulnerability appears starting from version 2.24.4 and is fixed in releases 2.34.7, 2.33.6, 2.32.8, 2.31.5, 2.30.5, 2.29.4, and 2.28.7. In Lix, the vulnerability appeared in release 2.93.0 and is fixed in updates 2.93.4, 2.94.2, and 2.95.2. The Guix package manager is not affected by the vulnerability.
In addition, the published Nix updates fix another vulnerability (no CVE) rated as medium severity (4.3 out of 10). The issue has existed since Nix 2.24.7 and allows files to be written to a location outside the root directory in which an archive is unpacked. The vulnerability is exploited by creating entries with absolute file paths in tar files. When unpacking such archives with the "nix-prefetch-url --unpack" or "nix store prefetch-file --unpack" commands, files with absolute paths are extracted as-is, without being converted to relative paths.
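The class of bug described above is easy to check for before unpacking: an extractor should refuse or rewrite any member whose path is absolute. The following is an added example (not code from the article or from Nix) that scans a tar archive for such members and normalizes them; it goes slightly beyond the article by also catching `..` components that climb out of the extraction root. The sample archive is constructed in the block.

```python
import io
import posixpath
import tarfile


def is_unsafe_path(name: str) -> bool:
    """True if a tar member name would land outside the extraction root:
    an absolute path (the case fixed in Nix) or a '..' sequence that escapes."""
    if name.startswith("/"):
        return True
    # Collapse "./" and "a/../b" first, then see whether the path still escapes.
    normalized = posixpath.normpath(name)
    return normalized == ".." or normalized.startswith("../")


def normalize_member_name(name: str) -> str:
    """Make a member name relative, the way a careful unpacker should before writing.
    Raises for names that still escape the root after normalization."""
    stripped = name.lstrip("/")
    normalized = posixpath.normpath(stripped) if stripped else "."
    if normalized == ".." or normalized.startswith("../"):
        raise ValueError(f"member escapes extraction root: {name!r}")
    return normalized


def unsafe_members(tar_bytes: bytes) -> list[str]:
    """Return the names of all members that would escape the extraction root."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:") as tar:
        return [m.name for m in tar.getmembers() if is_unsafe_path(m.name)]


def build_sample_tar() -> bytes:
    """Constructed sample archive (not from the advisory): one benign member,
    one absolute-path member and one '..' traversal member."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:") as tar:
        for name in ("ok/readme.txt", "/etc/evil.conf", "../outside.txt"):
            payload = b"sample\n"
            info = tarfile.TarInfo(name)
            info.size = len(payload)
            tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


if __name__ == "__main__":
    for name in unsafe_members(build_sample_tar()):
        print("would not extract as-is:", name)
    print("rewritten:", normalize_member_name("/etc/evil.conf"))
```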
Source: budenet.ru
