Masu haɓaka dandalin wayar hannu , wanda ya maye gurbin CyanogenMod, game da gano alamun satar kayan aikin. An lura cewa da karfe 6 na safe (MSK) a ranar 3 ga Mayu, maharin ya sami damar shiga babban sabar na tsarin gudanarwar daidaitawa. ta hanyar yin amfani da rashin lahani da ba a fayyace ba. A halin yanzu ana nazarin lamarin kuma har yanzu ba a samu cikakken bayani ba.
kawai cewa harin bai shafi maɓallan don samar da sa hannun dijital ba, tsarin taro da lambar tushe na dandamali - maɓallan. akan runduna gaba ɗaya keɓanta da babban kayan aikin da aka sarrafa ta hanyar SaltStack, kuma an dakatar da ginin saboda dalilai na fasaha a ranar 30 ga Afrilu. Yin la'akari da bayanin da ke kan shafin Masu haɓakawa sun riga sun dawo da uwar garken tare da tsarin bitar lambar Gerrit, gidan yanar gizon da wiki. Sabar da ke da majalisai (builds.lineageos.org), tashar yanar gizo don zazzage fayiloli (download.lineageos.org), sabar wasiku da tsarin daidaita turawa zuwa madubai sun kasance a kashe su.
An kai harin ne saboda gaskiyar cewa tashar tashar sadarwa (4506) don samun damar SaltStack An toshe shi don buƙatun waje ta hanyar Tacewar zaɓi - maharin dole ne ya jira mummunan rauni a cikin SaltStack don bayyana da amfani da shi kafin masu gudanarwa su shigar da sabuntawa tare da gyarawa. Ana shawartar duk masu amfani da SaltStack da su sabunta tsarin su cikin gaggawa kuma su duba alamun hacking.
A bayyane yake, hare-haren ta hanyar SaltStack ba'a iyakance ga hacking LineageOS ba kuma sun zama tartsatsi - yayin rana, masu amfani daban-daban waɗanda ba su da lokacin sabunta SaltStack gano rashin daidaituwa na kayan aikin su tare da sanya lambar ma'adinai ko bayan gida akan sabobin. Ciki har da game da irin wannan hacking na kayan aikin tsarin sarrafa abun ciki , wanda ya shafi shafukan yanar gizo na Ghost(Pro) da lissafin kuɗi (an yi iƙirarin cewa lambobin katin kuɗi ba su shafi ba, amma kalmar sirrin masu amfani da Ghost na iya fadawa hannun maharan).
Afrilu 29th sun kasance Sabunta dandalin SaltStack и , inda aka kawar da su (an buga bayani game da raunin da ya faru a Afrilu 30), waɗanda aka sanya mafi girman matakin haɗari, tunda ba su da tabbaci. kisa mai nisa duka biyu akan mai sarrafa mai sarrafa (gishiri-master) da kuma akan duk sabar da aka sarrafa ta hanyarsa.
- Lalacewar farko () yana faruwa ne ta hanyar rashin ingantaccen cak lokacin kiran hanyoyin ajin ClearFuncs a cikin tsarin gishiri-master. Rashin lahani yana bawa mai amfani damar samun dama ga wasu hanyoyin ba tare da tantancewa ba. Ciki har da ta hanyoyi masu matsala, mai hari na iya samun alama don samun dama tare da tushen haƙƙoƙin uwar garken uwar garken kuma ya gudanar da kowane umarni akan rundunonin da aka yi amfani da su wanda daemon ke gudana. . Facin kawar da wannan raunin shine Kwanaki 20 da suka wuce, amma bayan amfani da shi sun bayyana , yana haifar da gazawa da rushewar aiki tare da fayil.
- Lalaci na biyu () yana ba da damar, ta hanyar magudi tare da ajin ClearFuncs, don samun damar yin amfani da hanyoyin ta hanyar wucewa ta wata hanya da aka tsara, wanda za'a iya amfani dashi don cikakken damar yin amfani da kundayen adireshi a cikin FS na uwar garken uwar garken tare da haƙƙin tushen, amma yana buƙatar ingantacciyar hanyar shiga ( Ana iya samun irin wannan damar ta amfani da raunin farko kuma a yi amfani da rauni na biyu don daidaitawa gaba ɗaya duk abubuwan more rayuwa).
source: budenet.ru