Critical vulnerability in the GRUB2 bootloader that allows bypassing UEFI Secure Boot

Eight vulnerabilities have been disclosed in the GRUB2 bootloader. The most dangerous issue (CVE-2020-10713), codenamed BootHole, makes it possible to bypass the UEFI Secure Boot mechanism and install unverified malware. What sets this vulnerability apart is that updating GRUB2 is not enough to eliminate it, because an attacker can use bootable media carrying an old vulnerable version that is still certified by a valid digital signature. An attacker can compromise the verification process not only for Linux but also for other operating systems, including Windows.

The problem can be resolved by updating the certificate revocation list (dbx, UEFI Revocation List) on the system, but in that case the ability to use old Linux installation media is lost. Some hardware manufacturers have already included an updated list of revoked certificates in their firmware; on such systems, only updated builds of Linux distributions can be booted in UEFI Secure Boot mode.

To eliminate the vulnerability in distributions, it is also necessary to update installers, bootloaders, kernel packages, fwupd firmware and the shim layer, generating new digital signatures for them. Users will need to update installation images and other bootable media, and load the certificate revocation list (dbx) into the UEFI firmware. Until dbx is updated in UEFI, the system remains vulnerable regardless of whether the updates have been installed in the OS.

The vulnerability is caused by a buffer overflow that can be exploited to execute arbitrary code during the boot process. It occurs when parsing the contents of the grub.cfg configuration file, which is usually located on the ESP (EFI System Partition) and can be edited by an attacker with administrator rights without violating the integrity of the signed shim and GRUB2 executables. Because of an error in the configuration parser code, the fatal parsing error handler YY_FATAL_ERROR only displayed a warning but did not terminate the program. The danger of the vulnerability is reduced by the need for privileged access to the system; however, the problem may be in demand for planting hidden rootkits when there is physical access to the hardware (if booting from one's own media is possible).
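A simplified model of the failure mode described above, added here as an illustration; it is not GRUB2 or flex code. The names `TOKEN_CAP`, `ARENA_SIZE`, `copy_token` and both handlers are hypothetical, the oversized token is constructed, and "adjacent memory" is modelled inside a single array so the demonstration stays within defined behaviour.

```c
#include <stdio.h>
#include <string.h>
#define TOKEN_CAP  16   /* logical size of the scanner's token buffer */
#define ARENA_SIZE 64   /* token buffer plus modelled adjacent memory */

typedef int (*fatal_fn)(const char *msg);   /* nonzero means "stop parsing" */

/* Behaviour described in the article: print a warning and return. */
static int fatal_warn_only(const char *msg) {
    fprintf(stderr, "warning: %s\n", msg);
    return 0;
}

/* Corrected behaviour: a fatal scanner error ends parsing. */
static int fatal_stop(const char *msg) {
    fprintf(stderr, "fatal: %s\n", msg);
    return 1;
}

/* Copy one token to the start of arena; -1 if parsing stopped, else bytes written. */
static int copy_token(unsigned char *arena, const char *tok, fatal_fn fatal) {
    size_t len = strlen(tok);
    if (len + 1 > TOKEN_CAP && fatal("token too large for buffer"))
        return -1;
    /* From here on the code assumes the token fits, as if fatal() never returned. */
    if (len + 1 > ARENA_SIZE) len = ARENA_SIZE - 1;   /* keep the model inside arena */
    memcpy(arena, tok, len);
    arena[len] = '\0';
    return (int)(len + 1);
}

/* Returns 1 if bytes beyond TOKEN_CAP (the modelled neighbours) were modified. */
static int adjacent_corrupted(fatal_fn fatal, const char *tok) {
    unsigned char arena[ARENA_SIZE];
    memset(arena, 0, TOKEN_CAP);
    memset(arena + TOKEN_CAP, 0xAA, ARENA_SIZE - TOKEN_CAP);   /* canary */
    copy_token(arena, tok, fatal);
    for (size_t i = TOKEN_CAP; i < ARENA_SIZE; i++)
        if (arena[i] != 0xAA) return 1;
    return 0;
}

int main(void) {
    const char *tok = "0123456789abcdef0123456789abcdef";   /* constructed 32-byte token */
    printf("warn-only handler: corrupted=%d\n", adjacent_corrupted(fatal_warn_only, tok));
    printf("stopping handler:  corrupted=%d\n", adjacent_corrupted(fatal_stop, tok));
    return 0;
}
```

The size check is present in both runs; only the handler's failure to stop execution lets the copy proceed past the token buffer.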

Most Linux distributions use a small shim layer, digitally signed by Microsoft. This layer verifies GRUB2 with its own certificate, which lets distribution developers avoid having every kernel and GRUB update certified by Microsoft. By changing the contents of grub.cfg, the vulnerability allows your own code to be executed at the stage after successful shim verification but before the operating system is loaded, wedging into the chain of trust while Secure Boot mode is active and gaining full control over the rest of the boot process, including loading another OS, modifying operating system components and bypassing Lockdown protection.

Other vulnerabilities in GRUB2:

  • CVE-2020-14308 - buffer overflow due to a missing check of the size of the allocated memory area in grub_malloc;
  • CVE-2020-14309 - integer overflow in grub_squash_read_symlink, which can lead to data being written beyond the allocated buffer;
  • CVE-2020-14310 - integer overflow in read_section_from_string, which can lead to data being written beyond the allocated buffer;
  • CVE-2020-14311 - integer overflow in grub_ext2_read_link, which can lead to data being written beyond the allocated buffer;
  • CVE-2020-15705 - allows unsigned kernels to be loaded when booting directly in Secure Boot mode without the shim layer;
  • CVE-2020-15706 - access to an already freed memory area (use-after-free) when redefining a function at runtime;
  • CVE-2020-15707 - integer overflow in the initrd size handler.

Hotfix package updates have been released for Debian, Ubuntu, RHEL and SUSE. A set of patches has been proposed for GRUB2.

Source: opennet.ru
