Root privilege escalation vulnerabilities in the Snap package management tools

Qualys has identified two vulnerabilities (CVE-2021-44731, CVE-2021-44730) in the snap-confine utility, which ships with the SUID root flag and is invoked by the snapd process to set up the execution environment for applications distributed as self-contained packages in the snap format. The vulnerabilities allow an unprivileged local user to execute code with root privileges on the system. The issues are fixed in today's snapd package update for Ubuntu 21.10, 20.04 and 18.04.

The first vulnerability (CVE-2021-44730) allows an attack via hard links, but requires that the system's hard-link protection be disabled (sysctl fs.protected_hardlinks set to 0). The problem is caused by an incorrect check of the location of the executables for the snap-update-ns and snap-discard-ns helper programs, which run as root. The path to these files was derived in the sc_open_snapd_tool() function from the program's own path as reported by /proc/self/exe, which makes it possible to create a hard link to snap-confine in a directory of one's own and place one's own versions of the snap-update-ns and snap-discard-ns utilities in that directory. When launched via the hard link, snap-confine, running with root privileges, executes the snap-update-ns and snap-discard-ns files from the current directory, as replaced by the attacker.

The second vulnerability is caused by a race condition and can be exploited in the default Ubuntu Desktop configuration. For successful exploitation on Ubuntu Server, one of the packages from the "Featured Server Snaps" section must have been selected during installation. The race occurs in the setup_private_mount() function, which is called while preparing the mount namespace for the snap package. This function creates a temporary directory "/tmp/snap.$SNAP_NAME/tmp", or uses an existing one, to bind-mount the snap package's directories into it.

Since the name of the temporary directory is predictable, an attacker can replace its contents with a symbolic link after the owner check has passed but before the mount system call is made. For example, a symlink "/tmp/snap.lxd/tmp" can be created in the /tmp/snap.lxd directory pointing to an arbitrary directory, and the mount() call will follow the symlink and mount that directory inside the snap namespace. In a similar way, one can mount one's own contents over /var/lib and, by substituting /var/lib/snapd/mount/snap.snap-store.user-fstab, arrange for one's own /etc directory to be mounted in the snap package's namespace, which in turn allows a library of one's choosing to be loaded with root privileges by replacing /etc/ld.so.preload.
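As an added illustration (not snapd's code), the pattern that closes the check-then-mount window described above: open the directory with O_NOFOLLOW, validate the open descriptor with fstat(), and from then on refer to it only as /proc/self/fd/N instead of by the attacker-influenced path. The /tmp/snap.demo.* path and the function names are constructed for this demo.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Return an fd for `path` only if it is a real directory (not a symlink)
 * owned by `owner` and not group/world writable; -1 otherwise.  fstat()
 * inspects the object actually opened, so a symlink swapped in after the
 * check cannot change what was validated; a caller would then mount by
 * "/proc/self/fd/<fd>" rather than by the user-controlled path. */
int open_private_dir_checked(const char *path, uid_t owner) {
    /* O_NOFOLLOW: ELOOP if the last component is a symlink.
     * O_DIRECTORY: ENOTDIR if it is not a directory. */
    int fd = open(path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;
    struct stat st;
    if (fstat(fd, &st) != 0 || st.st_uid != owner ||
        (st.st_mode & (S_IWGRP | S_IWOTH))) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Self-contained demo under a constructed /tmp/snap.demo.* directory:
 * a real "tmp" subdirectory is accepted, then the same name replaced by
 * a symlink is refused.  Returns 0 when both cases behave as expected. */
int run_demo(void) {
    char base[] = "/tmp/snap.demo.XXXXXX";
    if (!mkdtemp(base))
        return 1;
    char dir[64], target[64];
    snprintf(dir, sizeof dir, "%s/tmp", base);
    snprintf(target, sizeof target, "%s/elsewhere", base);
    mkdir(dir, 0700);
    mkdir(target, 0700);
    int result = 0;
    int fd = open_private_dir_checked(dir, getuid());
    if (fd < 0) result = 2;       /* genuine directory must be accepted */
    else close(fd);
    rmdir(dir);                   /* simulate the swap the race relies on */
    symlink(target, dir);
    fd = open_private_dir_checked(dir, getuid());
    if (fd >= 0) { close(fd); result = 3; }  /* symlink must be refused */
    unlink(dir); rmdir(target); rmdir(base);
    return result;
}
```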

It is noted that producing a working exploit was a non-trivial task, since the snap-confine utility is written in Go using secure programming techniques, is protected by AppArmor profiles, filters system calls via the seccomp mechanism, and uses a mount namespace for isolation. Nevertheless, the researchers were able to prepare a working exploit that obtains root privileges on the system. The exploit code will be published a few weeks after users have installed the provided update.

Source: opennet.ru
