Vulnerability in systemd-coredump that allows determining the memory contents of suid programs

A vulnerability (CVE-2022-4415) has been identified in the systemd-coredump component, which handles the core files generated after a process crashes. It allows an unprivileged user to determine the memory contents of privileged processes running with the suid flag. The issue has been confirmed in the default configuration of the openSUSE, Arch, Debian, Fedora and SLES distributions.

The vulnerability is caused by the lack of correct handling of the fs.suid_dumpable sysctl parameter in systemd-coredump. When this parameter is set to its default value of 2, core dumps are generated for processes with the suid flag. The assumption is that core files of suid processes written by the kernel must have access rights that permit reading only by the root user. The systemd-coredump utility, which the kernel calls to save core files, stores the core file under the root ID, but additionally grants ACL-based read access to the core file based on the ID of the owner who originally started the process.

This feature allows core files to be downloaded without regard to the fact that the program can change its user ID and run with elevated privileges. The attack comes down to the fact that a user can start a suid program and send it a SIGSEGV signal, and then load the contents of the core file, which includes a slice of the process's memory at the moment of termination.

For example, a user can run "/usr/bin/su" and, in another terminal, terminate it with the command "kill -s SIGSEGV `pidof su`", after which systemd-coredump will save the core file in the /var/lib/systemd/coredump directory and set an ACL on it that allows reading by the current user. Since the suid utility 'su' reads the contents of /etc/shadow into memory, an attacker can obtain information about the passwords of all users on the system. The sudo utility is not susceptible to the attack, because it disables the creation of core files via ulimit.

According to the systemd developers, the vulnerability appears starting with systemd release 247 (November 2020), but according to the researcher who identified the problem, release 246 is also affected. all popular distributions). The fix is available as a patch. You can track the fixes in distributions on the following pages: Debian, Ubuntu, Gentoo, RHEL, SUSE, Fedora, Arch. As a security workaround, you can set sysctl fs.suid_dumpable to 0, which disables the sending of dumps to the systemd-coredump handler.
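
A configuration and ACL audit for the condition described above, as an added example that is not code from the article or from the systemd project. The function names classify, acl_readers and audit are hypothetical, the ACL sample is constructed, and the script cannot tell whether the patch is installed.

```shell
#!/bin/sh
# Added example, not systemd project code. Function names are hypothetical.

# classify SUID_DUMPABLE CORE_PATTERN -> one verdict word on stdout
classify() {
    case "$2" in
        "|"*systemd-coredump*) ;;           # kernel pipes dumps to systemd-coredump
        *) echo "other-handler"; return ;;  # different handler: outside this check
    esac
    case "$1" in
        0) echo "mitigated" ;;              # workaround named in the article
        *) echo "exposed-unless-patched" ;; # 1 or 2: suid processes may dump core
    esac
}

# acl_readers: getfacl output on stdin -> named users with effective read access
acl_readers() {
    awk '/^user:[^:]+:/ {
        split($1, f, ":"); perms = f[3]           # f[2] = user, f[3] = rights
        if (match($0, /#effective:[rwx-]+/))      # ACL mask lowered the rights
            perms = substr($0, RSTART + 11, RLENGTH - 11)
        if (perms ~ /r/) print f[2]
    }'
}

# audit [DIR]: live check; run as root, needs getfacl from the acl package
audit() {
    dir=${1:-/var/lib/systemd/coredump}
    echo "config: $(classify "$(cat /proc/sys/fs/suid_dumpable)" \
                             "$(cat /proc/sys/kernel/core_pattern)")"
    for f in "$dir"/*; do
        [ -e "$f" ] || continue
        readers=$(getfacl -p "$f" 2>/dev/null | acl_readers | tr '\n' ' ')
        if [ -n "$readers" ]; then echo "$f: ACL read for $readers"; fi
    done
}

# Constructed getfacl output for one stored core file (user name is made up)
SAMPLE_ACL='user::rw-
user:alice:r--
group::r--
mask::r--
other::---'

if [ "${1:-}" = "--audit" ]; then
    audit "${2:-}"
else
    echo "sample core file readable via ACL by: $(printf '%s\n' "$SAMPLE_ACL" | acl_readers)"
fi
```

Run with --audit as root to check the live system. A stored core file of a suid program that lists a non-root reader is the case the article describes.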

Source: opennet.ru
