To rid Glibc of the 2038 problem, it is proposed to stop using utmp

Thorsten Kukuk, head of the Future Technology Team at SUSE (which develops openSUSE MicroOS and SLE Micro), who previously led the SUSE LINUX Enterprise Server project for ten years, has proposed removing the /var/run/utmp file from distributions in order to fully solve the 2038 problem in Glibc. All applications that use utmp, wtmp and lastlog should be converted to obtain the list of users through systemd-logind.

On January 19, 2038, epoch time counters defined with the 32-bit time_t type will overflow. Glibc, despite introducing a 64-bit time_t type, continues to use the 32-bit time_t type in some cases on 64-bit platforms to maintain compatibility with 32-bit user-space applications. One such case is the /var/run/utmp file, which stores data about the users currently logged in to the system. The time field in utmp is defined using a 32-bit time_t value.
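The effect of that 32-bit time field on a login record, as an added example that is not code from the original article or from Glibc. `struct utmp_rec`, `utmp_set_time` and `utmp_time_plausible` are hypothetical names, and the record is a constructed model that follows the x86-64 utmp layout (an assumption).

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model of a Linux utmp record with fixed-width fields,
   following the x86-64 layout (assumption; not copied from glibc). */
struct utmp_rec {
    int16_t ut_type;
    int32_t ut_pid;
    char    ut_line[32], ut_id[4], ut_user[32], ut_host[256];
    int16_t e_termination, e_exit;
    int32_t ut_session;
    int32_t tv_sec, tv_usec;      /* the 32-bit time field from the article */
    int32_t ut_addr_v6[4];
    char    unused[20];
};
_Static_assert(sizeof(struct utmp_rec) == 384, "unexpected record size");

/* Store a 64-bit login time in the record. Only the low 32 bits fit.
   Returns 0 if the time survived, -1 if the record now holds another time. */
int utmp_set_time(struct utmp_rec *r, int64_t when)
{
    uint32_t low = (uint32_t)(uint64_t)when;
    r->tv_sec = low <= INT32_MAX ? (int32_t)low
                                 : (int32_t)((int64_t)low - 4294967296LL);
    r->tv_usec = 0;
    return r->tv_sec == when ? 0 : -1;
}

/* Reader-side check for log tooling: a login time before the epoch or
   after "now" cannot be real and points to a wrapped counter. */
int utmp_time_plausible(const struct utmp_rec *r, int64_t now)
{
    return r->tv_sec >= 0 && (int64_t)r->tv_sec <= now;
}

int main(void)
{
    /* Constructed samples: 2023-11-14, the last 32-bit second, one past it. */
    const int64_t t[] = { 1700000000LL, 2147483647LL, 2147483648LL };
    struct utmp_rec r = {0};
    for (size_t i = 0; i < sizeof t / sizeof t[0]; i++) {
        int rc = utmp_set_time(&r, t[i]);
        printf("want %lld stored %d rc %d plausible %d\n", (long long)t[i],
               (int)r.tv_sec, rc, utmp_time_plausible(&r, t[i]));
    }
    return 0;
}
```

The third sample is stored as a negative value, so a login one second after the limit would be read back as a date in 1901, which is what makes such records useless for auditing.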

Simply changing the time field in utmp from a 32-bit to a 64-bit type does not work, since that would change the Glibc ABI (the type would change in functions such as login(), getutid() and utmpname()). Because of the large number of possible pitfalls and the complexity involved, the idea of replacing the time_t type in utmp was rejected by the Glibc developers. For the same reason, the option of using the free space available in the utmp structure to add an additional 64-bit time field was dropped.

In addition, changing the bit width of the type in utmp does not solve the other existing problems, which one would also like to get rid of. For example, writing to utmp requires special rights, which means processes have to be granted additional privileges. Another problem is that the utmp architecture allows local users to carry out DoS attacks that disrupt the utmp service by manipulating file locks, which makes it impossible to be sure that the contents of utmp reflect the real state of the system. It was proposed to use an additional background process to handle access to utmp, but the systemd-logind process already exists for such tasks, and launching another specialised process is not advisable (applications would have to send data to two handlers at the same time).

At the same time, even if the problem with DoS attacks is solved, the contents of utmp remain purely informational and do not guarantee an accurate reflection of reality. For example, different terminal emulators and terminal multiplexers report their state differently: opening five GNOME terminals results in one user being shown in utmp, while opening five konsole or xterm terminals in KDE results in six. The behaviour of screen and tmux differs in a similar way: in the first case each session is counted as a separate user, and in the second only one user is shown for all sessions.

As a result, as the simplest solution, it is proposed to move all applications to the already existing alternative service, systemd-logind, and, once no current programs access utmp any more, to stop writing to utmp. To replace wtmp, it is proposed to prepare software interfaces for writing and reading information about users using systemd-journald. The codebase for the next release, systemd 254, already includes the functionality needed to provide replacement data for utmp through libsystemd using the sd-login.h API or via DBUS.

Source: opennet.ru
