A technique for exploiting a vulnerability in the Linux kernel's tty subsystem has been disclosed.

Researchers from the Google Project Zero team have published a technique for exploiting a vulnerability (CVE-2020-29661) in the implementation of the TIOCSPGRP ioctl handler in the Linux kernel's tty subsystem, and have examined in detail the protection mechanisms that could block vulnerabilities of this kind.

The bug behind the problem was fixed in the Linux kernel on December 3 of last year. The problem appears in kernels up to version 5.9.13, but most distributions already fixed it in kernel package updates released last year (Debian, RHEL, SUSE, Ubuntu, Fedora, Arch). A similar vulnerability (CVE-2020-29660) was found at the same time in the implementation of the TIOCGSID ioctl call, but it has also been fixed everywhere.

The problem is caused by an error in how locks are taken, which leads to a race condition in the code of drivers/tty/tty_jobctrl.c. The race was used to create use-after-free conditions that can be exploited from user space through manipulation of the TIOCSPGRP ioctl call. A working exploit for privilege escalation was demonstrated on Debian 10 with kernel 4.19.0-13-amd64.

At the same time, the published article focuses not so much on the technique of building a working exploit as on the tools available in the kernel to protect against such vulnerabilities. The conclusion is not comforting: methods such as memory segmentation in the heap and control of access to memory after it has been freed are not used in practice because they reduce performance, while protection based on CFI (Control Flow Integrity), which blocks exploits in the later stages of an attack, needs improvement.

When considering what would make a difference in the long term, what stands out is the use of advanced static analyzers, or of memory-safe languages such as Rust and C dialects with rich annotations (such as Checked C), to check the state of locks, objects and pointers at build time. Protection methods also include enabling the panic_on_oops mode, switching kernel structures to read-only mode, and restricting access to system calls with mechanisms such as seccomp.
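As an illustration of the seccomp restriction mentioned above, the following added example (not code from the Project Zero article or from opennet.ru) installs a seccomp-BPF filter that makes the TIOCSPGRP and TIOCGSID ioctls fail with EPERM for the calling process. The names `deny_tty_jobctl_ioctls` and `NATIVE_ARCH` are hypothetical, and the example assumes a little-endian x86_64 or aarch64 Linux process that does not need terminal job control.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/ioctl.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

#if defined(__x86_64__)
#define NATIVE_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define NATIVE_ARCH AUDIT_ARCH_AARCH64
#else
#error "add the AUDIT_ARCH_* constant for this architecture"
#endif
#define LD(field) BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, field))
#define RET(v)    BPF_STMT(BPF_RET | BPF_K, (v))

/* Hypothetical helper: deny the two tty job-control ioctls named on this page.
 * Returns 0 on success, -1 on failure. The filter is inherited by children. */
int deny_tty_jobctl_ioctls(void)
{
    struct sock_filter f[] = {
        LD(arch),                                    /* refuse foreign syscall ABIs */
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, NATIVE_ARCH, 1, 0),
        RET(SECCOMP_RET_KILL_PROCESS),
        LD(nr),
        BPF_JUMP(BPF_JMP | BPF_JGE | BPF_K, 0x40000000u, 0, 1), /* x32 numbering */
        RET(SECCOMP_RET_KILL_PROCESS),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_ioctl, 0, 4),  /* not ioctl: allow */
        LD(args[1]),                                 /* low 32 bits of the ioctl cmd */
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, TIOCSPGRP, 1, 0),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, TIOCGSID, 0, 1),
        RET(SECCOMP_RET_ERRNO | EPERM),
        RET(SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = { .len = sizeof f / sizeof f[0], .filter = f };
    /* Required so an unprivileged process may install a filter. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

int main(void)
{
    int pgrp = 0;
    if (deny_tty_jobctl_ioctls() != 0) { perror("seccomp"); return 1; }
    /* The filter runs before the tty code, so the fd does not need to be a tty. */
    return !(ioctl(0, TIOCSPGRP, &pgrp) == -1 && errno == EPERM);
}
```

A denylist like this only removes these two entry points for the filtered process; it complements, and does not replace, running a kernel that carries the fix.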

Source: opennet.ru
