Canonical yalengeza zosintha mu Ubuntu 23.10 zomwe zimalepheretsa ogwiritsa ntchito malo ogwiritsira ntchito, kukonza chitetezo cha makina ogwiritsa ntchito kudzipatula paziwopsezo zomwe zimafuna kusinthidwa kwa malo ogwiritsira ntchito. Malinga ndi Google, 44% yazabwino zomwe zikutenga nawo gawo mu Linux kernel vulnerability bounty program zimafunikira luso lopanga malo ogwiritsira ntchito.
M'malo moletsa kulowa kwa osuta, Ubuntu amagwiritsa ntchito chiwembu chosakanizidwa chomwe chimalola mapulogalamu ena kupanga malo ogwiritsira ntchito ngati ali ndi mbiri ya AppArmor ndi lamulo la "lolani ogwiritsa ntchito kupanga" kapena chilolezo cha CAP_SYS_ADMIN. Mwachitsanzo, Chrome ili ndi mbiri yotchedwa /etc/apparmor.d/opt.google.chrome.chrome, yomwe ingagwiritsidwe ntchito ngati chitsanzo popereka mwayi wogwiritsa ntchito dzina la osuta mapulogalamu ena.
Mu kutulutsidwa kwa Ubuntu 23.10 komwe kukubwera, kuletsa mwayi wopeza malo ogwiritsira ntchito kukukonzedwa kuti kuperekedwe ngati njira yosasinthika. M'masabata angapo otsatira pambuyo pa kutulutsidwa kwa Ubuntu 23.10, opanga mapulogalamu adzasonkhanitsa zambiri zokhudzana ndi zotsatira zoyipa zomwe zingachitike chifukwa choletsa mwayi wopeza malo ogwiritsira ntchito pa phukusi ndikukonzekera ma profiles ofanana a AppArmor. Kenako, mukusintha kokhazikika, kuletsako kudzayatsidwa mwachisawawa.
Kuti mulole kuletsa koyambirira, mutha kugwiritsa ntchito malamulo awa: sudo sysctl -w kernel.apparmor_restrict_unprivileged_unconfined=1 sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=1
Kuletsa: sudo sysctl -w kernel.apparmor_restrict_unprivileged_unconfined=0 sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0
Source: opennet.ru
