Attack on PyTorch infrastructure, compromising the repository and releases

Details have been disclosed of an attack on the infrastructure used to develop the PyTorch machine learning framework. The attack made it possible to extract access keys sufficient to place arbitrary data in the repository holding the project's releases on GitHub and AWS, to inject code into the main branch of the repository, and to add a backdoor through dependencies. Spoofed PyTorch releases could be used to attack large companies such as Google, Meta, Boeing and Lockheed Martin that use PyTorch in their projects. As part of the Bug Bounty program, Meta paid the researchers $16250 for information about the problem.

The essence of the attack is the ability to run your own code on the continuous integration servers that rebuild the project and run jobs to test new changes sent to the repository. The issue affects projects that use their own external "Self-Hosted Runner" handlers with GitHub Actions. Unlike traditional GitHub Actions, self-hosted handlers do not run on GitHub infrastructure, but on the project's own servers or in virtual machines maintained by the developers.

Running build jobs on your own servers makes it possible to launch code that can scan the enterprise's internal network, search the local file system for encryption keys and access tokens, and analyze environment variables holding parameters for access to external storage or cloud services. Without proper isolation of the build environment, the confidential data that is found can be sent to attackers outside, for example through calls to external APIs. To determine whether projects use a Self-Hosted Runner, the Gato toolkit can be used to analyze publicly accessible workflow files and the logs of CI job runs.

In PyTorch and many other projects that use a Self-Hosted Runner, only developers whose changes have previously been peer-reviewed and merged into the project's codebase are allowed to run build jobs. With the repository's default settings, having "contributor" status makes it possible to launch GitHub Actions handlers by sending pull requests and, accordingly, to execute your code in any GitHub Actions Runner environment associated with the repository or with the organization that oversees the project.

The binding to "contributor" status turned out to be easy to bypass: it is enough to first submit a minor change and wait for it to be accepted into the codebase, after which the developer automatically receives the status of an active participant whose pull requests are allowed to be tested in the CI infrastructure without separate verification. To obtain active developer status, the experiment used minor cosmetic changes that fixed typos in the documentation. To gain access to the repository and to the storage of PyTorch releases, the attack, while executing code in the Self-Hosted Runner, captured the GitHub token used to access the repository from build processes, as well as the AWS keys used to save build results.
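One way a maintainer could check their own workflow files for the condition described above, jobs that a pull request can start on a self-hosted runner, is sketched below as an added example (it is not from the original article and is not Gato's code). The function names, the sample workflow and the rule that labels starting with ubuntu-, windows- or macos- are GitHub-hosted are assumptions made for this illustration.

```python
import re

# Constructed sample workflow for illustration (not from any real repository).
SAMPLE = """\
on:
  pull_request:
jobs:
  lint:
    runs-on: ubuntu-latest
  gpu-test:
    runs-on:
      - self-hosted
"""

# Heuristic assumption: labels with these prefixes are GitHub-hosted runners.
HOSTED = re.compile(r"^(ubuntu|windows|macos)-")

def pr_triggers(text):
    """PR-related event names found under the top-level `on:` key."""
    m = re.search(r"^on:(.*(?:\n(?:[ \t#].*|))*)", text, re.M)
    return sorted(set(re.findall(r"\bpull_request\w*", m.group(1)))) if m else []

def runner_labels(text):
    """Map each job id to its runs-on labels, using indentation under `jobs:`."""
    jobs, job, indent, in_list = {}, None, None, False
    body = text.split("\njobs:", 1)[1] if "\njobs:" in text else ""
    for line in body.splitlines():
        key, depth = line.strip(), len(line) - len(line.lstrip())
        if not key or key.startswith("#"):
            continue
        if depth == 0:
            break  # the next top-level key ends the jobs block
        indent = depth if indent is None else indent
        in_list = in_list and key.startswith("- ")
        if in_list:  # item of a multi-line runs-on list
            jobs[job].append(key[2:].strip(" '\""))
        elif depth == indent and key.endswith(":"):
            job = key[:-1]
            jobs[job] = []
        elif key.startswith("runs-on:") and job:
            value = key.split(":", 1)[1].strip().strip("[]")
            jobs[job] = [v.strip(" '\"") for v in value.split(",") if v.strip()]
            in_list = not jobs[job]  # empty value: labels follow as list items
    return jobs

def audit(text):
    """Jobs a pull request can start whose labels are not GitHub-hosted."""
    labels = runner_labels(text) if pr_triggers(text) else {}
    return {j: l for j, l in labels.items() if any(not HOSTED.match(x) for x in l)}
```

For any job it reports, check the repository's approval setting for fork pull request workflows; GitHub's default requires approval only for first-time contributors.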

The issue is not specific to PyTorch and affects many other large projects that use the default settings for "Self-Hosted Runner" in GitHub Actions. For example, similar attacks are mentioned as having been carried out to install a backdoor in some large cryptocurrency wallets and blockchain projects with billion-dollar capitalization, to change the releases of Microsoft Deepspeed and TensorFlow, to compromise one of CloudFlare's applications, and to execute code on a computer in Microsoft's network. Details of these incidents have not yet been disclosed. Under existing bounty programs, the researchers have submitted more than 20 applications for rewards worth several thousand dollars.

Source: opennet.ru
