A technique for exploiting a vulnerability in the tty subsystem of the Linux kernel has been disclosed.

Researchers from the Google Project Zero team have published a method for exploiting a vulnerability (CVE-2020-29661) in the implementation of the TIOCSPGRP ioctl handler in the tty subsystem of the Linux kernel, and have also examined in detail the protection mechanisms that could block such vulnerabilities.

The bug that causes the problem was fixed in the Linux kernel on December 3 of last year. The problem appears in kernels up to version 5.9.13, but most distributions fixed it in the kernel package updates offered last year (Debian, RHEL, SUSE, Ubuntu, Fedora, Arch). A similar vulnerability (CVE-2020-29660) was found at the same time in the implementation of the TIOCGSID ioctl call, but it has also already been fixed everywhere.

The problem is caused by an error in taking locks, which leads to a race condition in the drivers/tty/tty_jobctrl.c code. The race was used to create use-after-free conditions that are exploited from user space through ioctl manipulations with the TIOCSPGRP call. A working exploit was demonstrated that escalates privileges on Debian 10 with kernel 4.19.0-13-amd64.

At the same time, the published article focuses not so much on the technique of building a working exploit as on which tools exist in the kernel to protect against such vulnerabilities. The conclusion is not comforting: methods such as segmenting memory in the heap and controlling access to memory after it has been freed are not used in practice, because they reduce performance, and CFI (Control Flow Integrity)-based protection, which blocks exploits in the later stages of an attack, needs improvement.

When considering what could make a difference in the long term, one option that stands out is the use of advanced static analyzers, or of memory-safe languages such as Rust and C dialects with rich annotations (such as Checked C), to check state at build time: locks, objects and pointers. Protection methods also include enabling the panic_on_oops mode, switching kernel structures to read-only mode, and restricting access to system calls using mechanisms such as seccomp.

Source: opennet.ru
