Vulnerability in OverlayFS allowing privilege escalation

A vulnerability (CVE-2023-0386) has been identified in the Linux kernel's implementation of the OverlayFS file system. It can be used to gain root access on systems that have the FUSE subsystem installed and that allow an unprivileged user to mount OverlayFS partitions (starting with the Linux 5.11 kernel, with unprivileged user namespaces enabled). The issue was fixed in the 6.2 kernel branch. The publication of package updates in distributions can be tracked on these pages: Debian, Ubuntu, Gentoo, RHEL, SUSE, Fedora, Arch.

The attack is carried out by copying files with the setgid/setuid flags from a partition mounted in nosuid mode to an OverlayFS partition that has a layer associated with a partition that allows suid files to execute. The vulnerability is similar to the CVE-2021-3847 issue identified in 2021, but differs in its lower exploitation requirements - the old issue required manipulation of xattrs, which is limited to using user namespaces, while the new issue uses the setgid/setuid bits, which are not specifically handled in user namespaces.

Attack algorithm:

  • Using the FUSE subsystem, a file system is mounted that contains an executable file owned by the root user with the setuid/setgid flags, writable by all users. When mounting, FUSE sets the mode to "nosuid".
  • The user namespace and the mount namespace are unshared (user/mount namespace).
  • OverlayFS is mounted with the FS previously created in FUSE as the lower layer and an upper layer based on a writable directory. The upper layer directory must be located in a file system that does not use the "nosuid" flag when mounted.
  • For the suid file in the FUSE partition, a utility changes the modification time, which leads to the file being copied to the upper layer of OverlayFS.
  • When copying, the kernel does not clear the setgid/setuid flags, so the file ends up on a partition that permits setgid/setuid processing.
  • To obtain root rights, it is enough to run the file with the setgid/setuid flags from the directory attached to the upper layer of OverlayFS.
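
A defensive check for the mount layout in the steps above, as an added example that is not part of the original article: it parses mountinfo text and reports OverlayFS mounts whose lower layer sits on a nosuid mount while the upper directory sits on a mount that honours setuid bits. The function names and the sample mount table are constructed for illustration, and overlay paths are assumed to be absolute and free of escaped commas.

```python
import re

# Constructed sample in /proc/<pid>/mountinfo format (not taken from a real host).
SAMPLE_MOUNTINFO = """\
24 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
80 24 0:50 / /tmp/fusemnt rw,nosuid,nodev,relatime - fuse.demo demo rw,user_id=1000,group_id=1000
81 24 0:51 / /tmp/merged rw,relatime - overlay overlay rw,lowerdir=/tmp/fusemnt,upperdir=/tmp/up,workdir=/tmp/work
82 24 0:52 / /var/lib/c/merged rw,relatime - overlay overlay rw,lowerdir=/var/lib/c/l1:/var/lib/c/l0,upperdir=/var/lib/c/up,workdir=/var/lib/c/work
"""

def parse_mountinfo(text):
    unesc = lambda s: re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), s)  # \040 -> space
    mounts = []
    for line in text.splitlines():
        left, sep, right = line.partition(" - ")  # a lone "-" field ends the optional fields
        lf, rf = left.split(), right.split()
        if not sep or len(lf) < 6 or len(rf) < 3:
            continue
        mounts.append({"mountpoint": unesc(lf[4]), "opts": set(lf[5].split(",")),
                       "fstype": rf[0], "superopts": rf[2]})
    return mounts

def covering_mount(path, mounts):
    """Mount whose mount point is the longest prefix of path (later mounts win ties)."""
    best = None
    for m in mounts:
        mp = m["mountpoint"]
        if mp == "/" or path == mp or path.startswith(mp.rstrip("/") + "/"):
            if best is None or len(mp) >= len(best["mountpoint"]):
                best = m
    return best

def suspicious_overlays(text):
    """Overlay mounts with a nosuid lower layer and an upper dir on a suid-honouring mount."""
    mounts, findings = parse_mountinfo(text), []
    for m in mounts:
        if m["fstype"] != "overlay":
            continue
        opts = dict(kv.split("=", 1) for kv in m["superopts"].split(",") if "=" in kv)
        upper = opts.get("upperdir")
        up = covering_mount(upper, mounts) if upper else None
        if up is None or "nosuid" in up["opts"]:
            continue  # no writable layer, or setuid bits are ignored where copies land
        for low in filter(None, opts.get("lowerdir", "").split(":")):
            lm = covering_mount(low, mounts)
            if lm and "nosuid" in lm["opts"]:
                findings.append((m["mountpoint"], low, lm["fstype"], upper))
    return findings

print(suspicious_overlays(SAMPLE_MOUNTINFO))
```

Because the steps above unshare the mount namespace, such a mount does not appear in the host's own mount table; on a live system the function would be fed the contents of each process's /proc/<pid>/mountinfo.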

In addition, we can note the disclosure by researchers from the Google Project Zero team of three vulnerabilities that were fixed in the main branch of the Linux 5.15 kernel but were not ported to the kernel packages of RHEL 8.x/9.x and CentOS Stream 9.

  • CVE-2023-1252 - Access to an already freed memory area in the ovl_aio_req structure when performing several operations simultaneously in OverlayFS deployed on top of the Ext4 file system. Potentially, the vulnerability allows you to escalate your privileges on the system.
  • CVE-2023-0590 - Access to an already freed memory area in the qdisc_graft() function. Exploitation is assumed to be limited to abnormal termination.
  • CVE-2023-1249 - Access to an already freed memory area in the coredump writing code due to a missing mmap_lock call in file_files_note. Exploitation is assumed to be limited to abnormal termination.

Source: opennet.ru
