ProHoster > Блог > xov xwm hauv internet > Ib txoj kev siv rau kev siv qhov tsis muaj zog hauv kernel's tty subsystem tau raug qhia tawm. Linux

Ib txoj kev siv rau kev siv qhov tsis muaj zog hauv kernel's tty subsystem tau raug qhia tawm. Linux

Cov kws tshawb nrhiav los ntawm Google pab pawg Project Zero tau tshaj tawm ib txoj hauv kev los siv qhov tsis muaj zog (CVE-2020-29661) hauv kev siv TIOCSPGRP ioctl handler los ntawm kernel's tty subsystem. Linux, thiab kuj tau tshuaj xyuas kom meej txog cov txheej txheem tiv thaiv uas tuaj yeem thaiv cov qhov tsis muaj zog no.

Qhov kab laum ua rau muaj teeb meem tau kho lawm hauv lub kernel. Linux rov qab rau lub Kaum Ob Hlis 3 ntawm lub xyoo tas los. Qhov teeb meem tshwm sim hauv cov kernels ua ntej version 5.9.13, tab sis feem ntau cov kev faib tawm tau kho qhov teeb meem hauv cov pob khoom kernel tshiab tso tawm xyoo tas los (Debian, RHEL, SUSE, Ubuntu, Fedora, Arch). Ib qho kev tsis zoo sib xws (CVE-2020-29660) tau pom tib lub sijhawm hauv kev siv TIOCGSID ioctl hu, tab sis nws kuj tau raug kho dav dav lawm.

Qhov teeb meem no yog tshwm sim los ntawm qhov yuam kev teeb tsa xauv, ua rau muaj kev sib tw hauv drivers/tty/tty_jobctrl.c, uas tau siv tau zoo los tsim kom muaj kev siv tom qab tsis muaj kev siv, siv tau los ntawm qhov chaw neeg siv los ntawm kev tswj hwm TIOCSPGRP ioct hu. Ib qho kev siv tsis raug tau pom tias ua haujlwm rau kev nce qib cai hauv Debian 10 nrog lub kernel 4.19.0-13-amd64.

Tsab xov xwm uas tau luam tawm no tsis tsom mus rau cov txheej txheem rau kev tsim ib qho kev siv tsis raug thiab ntau dua rau cov cuab yeej kernel uas twb muaj lawm rau kev tiv thaiv cov qhov tsis zoo no. Qhov xaus lus tsis txhawb nqa: cov txheej txheem xws li kev faib cov cim xeeb heap thiab kev tswj hwm tom qab tsis pub siv tsis raug siv rau hauv kev xyaum vim tias lawv ua rau kev ua haujlwm txo qis, thiab CFI (Control Flow Integrity)-raws li kev tiv thaiv, uas thaiv cov kev siv tsis raug hauv theem kawg ntawm kev tawm tsam, xav tau kev txhim kho ntxiv.

Thaum xav txog yam uas yuav ua rau qhov xwm txheej zoo dua yav tom ntej, cov cuab yeej ntsuas zoo li qub lossis cov lus uas muaj kev nyab xeeb rau lub cim xeeb, xws li Rust thiab C dialects nrog cov lus piav qhia zoo (piv txwv li, Checked C), raug hais txog. Cov lus no xyuas lub xeev ntawm cov xauv, cov khoom, thiab cov taw qhia thaum lub sijhawm tsim. Lwm cov txheej txheem tiv thaiv pom zoo suav nrog kev qhib panic_on_oops, ua rau cov qauv kernel nyeem nkaus xwb, thiab txwv tsis pub nkag mus rau kev hu xov tooj hauv lub system siv cov txheej txheem xws li seccomp.

Tau qhov twg los: opennet.ru

Yuav txhim khu kev qha hosting rau cov chaw nrog DDoS tiv thaiv, VPS VDS servers 🔥 Yuav lub vev xaib hosting txhim khu kev qha nrog kev tiv thaiv DDoS, VPS VDS servers | ProHoster