A vulnerability in systemd that may allow privilege escalation

A vulnerability (CVE-2020-1712) has been identified in the systemd system manager that makes it possible to execute your own code with elevated privileges by sending a specially crafted request over the DBus bus. The problem is fixed in the test release systemd 245-rc1 (patches that resolve the problem: 1, 2, 3). The vulnerability has been fixed in the Ubuntu, Fedora, RHEL (it appears in RHEL 8, but does not affect RHEL 7), CentOS and SUSE/openSUSE distributions, but at the time of writing it remains unfixed in Debian and Arch Linux.

The vulnerability is caused by access to an already freed memory area (use-after-free), which occurs when requests to Polkit are made asynchronously while DBus messages are being processed. Some DBus interfaces use a cache to hold objects for a short time and clear the cache entries as soon as the DBus bus is free to handle other requests. If a DBus method handler uses bus_verify_polkit_async(), it may need to wait for the Polkit action to complete. Once Polkit is ready, the handler is called again and accesses the data that was previously allocated in memory. If the request to Polkit takes too long, the cache entries are cleared before the DBus method handler is called a second time.
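The lifetime problem described above, reduced to a toy model in C (an added example, not systemd's code or its patch): the handler keeps a generation-stamped handle instead of a raw pointer, so on its second invocation it can tell that the cache was flushed and look the object up again rather than touch stale data. All names (`cache_get`, `cache_flush`, `handler_resume`, `run_request`) are hypothetical.

```c
/* Toy model (not systemd code): cache flushed on bus idle, handler runs twice. */
#include <stdio.h>
#include <string.h>
#define SLOTS 4
struct image { char name[16]; unsigned gen; int live; };
struct handle { int slot; unsigned gen; };  /* used instead of a raw pointer */
static struct image cache[SLOTS];

/* Find or load an object by name; returns a generation-stamped handle. */
static struct handle cache_get(const char *name) {
    int free_slot = -1;
    for (int i = 0; i < SLOTS; i++) {
        if (cache[i].live && strcmp(cache[i].name, name) == 0)
            return (struct handle){ i, cache[i].gen };
        if (!cache[i].live && free_slot < 0) free_slot = i;
    }
    if (free_slot < 0) return (struct handle){ -1, 0 };
    snprintf(cache[free_slot].name, sizeof cache[free_slot].name, "%s", name);
    cache[free_slot].live = 1;
    return (struct handle){ free_slot, cache[free_slot].gen };
}

/* Bus went idle: drop every entry; bumping gen invalidates old handles. */
static void cache_flush(void) {
    for (int i = 0; i < SLOTS; i++) { cache[i].live = 0; cache[i].gen++; }
}
static int handle_valid(struct handle h) {
    return h.slot >= 0 && cache[h.slot].live && cache[h.slot].gen == h.gen;
}

/* Second handler pass, after authorization. Returns 0 if the first-pass handle
 * is still good, 1 if it was stale and the object was re-resolved by name. */
static int handler_resume(struct handle *h, const char *name) {
    if (handle_valid(*h)) return 0;
    *h = cache_get(name);
    return 1;
}

/* One request; slow_auth means the bus went idle before the reply arrived. */
static int run_request(const char *name, int slow_auth) {
    struct handle h = cache_get(name);   /* first pass: resolve, start auth */
    if (slow_auth) cache_flush();
    int stale = handler_resume(&h, name);
    return handle_valid(h) ? stale : -1;
}
int main(void) {
    printf("fast auth: stale=%d\n", run_request("img0", 0));
    printf("slow auth: stale=%d\n", run_request("img0", 1));
    return 0;
}
```

The generation check also catches the case where a flushed slot has been reused by a different object, which a plain "is the slot live" test would miss.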

Among the services that allow the vulnerability to be exploited, systemd-machined is mentioned; it provides the DBus API org.freedesktop.machine1.Image.Clone, which leads to temporary storage of data in the cache and asynchronous access to Polkit. The org.freedesktop.machine1.Image.Clone interface is available to all unprivileged users of the system, who can crash systemd services or cause code to be executed as root (a demonstration exploit has not yet been shown). The code that makes the vulnerability exploitable was added to systemd-machined in 2015, in systemd 220 (RHEL 7.x uses systemd 219).

Source: opennet.ru
