Critical vulnerability in the GRUB2 bootloader that allows bypassing UEFI Secure Boot

Eight vulnerabilities have been identified in the GRUB2 bootloader. The most dangerous issue (CVE-2020-10713), codenamed BootHole, makes it possible to bypass the UEFI Secure Boot mechanism and install unverified malware. What sets this vulnerability apart is that updating GRUB2 is not enough to eliminate it, because an attacker can use bootable media carrying an old vulnerable version that is certified by a digital signature. An attacker can compromise the verification process not only of Linux but also of other operating systems, including Windows.

The problem can be resolved only by updating the system's certificate revocation list (dbx, UEFI Revocation List), but in that case the ability to use old Linux installation media is lost. Some hardware manufacturers have already included an updated certificate revocation list in their firmware; on such systems, only updated builds of Linux distributions can be booted in UEFI Secure Boot mode.

To eliminate the vulnerability in distributions, the installers, bootloaders, kernel packages, fwupd firmware and the shim layer also have to be updated, with new digital signatures generated for them. Users will need to update installation images and other bootable media, and load the certificate revocation list (dbx) into the UEFI firmware. Until dbx is updated in UEFI, the system remains vulnerable regardless of the updates installed in the OS.

The vulnerability is caused by a buffer overflow that can be exploited to execute arbitrary code during the boot process.
It manifests when parsing the contents of the grub.cfg configuration file, which is usually located on the ESP (EFI System Partition) and can be edited by an attacker with administrator rights without violating the integrity of the signed shim and GRUB2 executables. Because of an error in the configuration parser code, the handler for fatal parsing errors, YY_FATAL_ERROR, only displayed a warning and did not terminate the program. The danger of the vulnerability is reduced by the need for privileged access to the system; nevertheless, the problem may be in demand for planting hidden rootkits when there is access to the hardware (when it is possible to boot from one's own media).
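
The failure pattern described above, reduced to a simplified model in C. This is an added example, not GRUB2 code: the buffer size, the struct and all function names are hypothetical, and the out-of-bounds store is counted rather than performed so the program is safe to run.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define TOKEN_CAP 16                  /* constructed size, not GRUB2's */

struct lexer {
    char   buf[TOKEN_CAP];
    size_t len;
    size_t warnings;                  /* times the "fatal" handler fired */
    size_t oob;                       /* stores that would land past buf */
    int    failed;                    /* sticky error flag */
};

/* Weak handler: reports the problem and returns to its caller. */
static void fatal_warn_only(struct lexer *lx) { lx->warnings++; }

/* Weak caller: written as if the fatal handler never returned. */
size_t copy_token_weak(struct lexer *lx, const char *src) {
    memset(lx, 0, sizeof *lx);
    for (; *src; src++) {
        if (lx->len >= TOKEN_CAP - 1)
            fatal_warn_only(lx);      /* execution simply continues */
        if (lx->len < TOKEN_CAP - 1)
            lx->buf[lx->len++] = *src;
        else
            lx->oob++;                /* unguarded code would write here */
    }
    return lx->oob;
}

/* Hardened caller: the first error is sticky and stops the copy. */
int copy_token_checked(struct lexer *lx, const char *src) {
    memset(lx, 0, sizeof *lx);
    for (; *src; src++) {
        if (lx->len >= TOKEN_CAP - 1) {
            lx->failed = 1;
            return -1;                /* caller must not use lx->buf */
        }
        lx->buf[lx->len++] = *src;
    }
    return 0;                         /* buf stays NUL-terminated (memset) */
}

int main(void) {
    struct lexer lx;
    const char *t = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"; /* constructed */
    printf("weak oob=%zu checked rc=%d\n", copy_token_weak(&lx, t), copy_token_checked(&lx, t));
    return 0;
}
```

The point for code review is that an error path named "fatal" is only a safety boundary if control cannot return from it; otherwise every caller has to check and stop on its own.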

Most Linux distributions use a small shim layer, digitally signed by Microsoft. This layer verifies GRUB2 with its own certificate, which allows distribution developers not to have every kernel and GRUB update certified by Microsoft. By changing the contents of grub.cfg, the vulnerability allows an attacker to execute their own code at the stage after successful shim verification but before the operating system is loaded, wedging into the chain of trust while Secure Boot mode is active and gaining full control over the rest of the boot process, including loading another OS, modifying operating system components and bypassing Lockdown protection.

Other vulnerabilities in GRUB2:

  • CVE-2020-14308 - buffer overflow due to the lack of a check on the size of the allocated memory area in grub_malloc;
  • CVE-2020-14309 - integer overflow in grub_squash_read_symlink, which can lead to data being written beyond the allocated buffer;
  • CVE-2020-14310 - integer overflow in read_section_from_string, which can lead to data being written beyond the allocated buffer;
  • CVE-2020-14311 - integer overflow in grub_ext2_read_link, which can lead to data being written beyond the allocated buffer;
  • CVE-2020-15705 - allows unsigned kernels to be loaded during direct boot in Secure Boot mode without the shim layer;
  • CVE-2020-15706 - access to an already freed memory area (use-after-free) when redefining a function at run time;
  • CVE-2020-15707 - integer overflow in the initrd size handler.

Hotfix package updates have been released for Debian, Ubuntu, RHEL and SUSE. A set of patches has been proposed for GRUB2.

Source: opennet.ru