Root vulnerability in the Snap package management toolkit

Qualys has identified the third dangerous vulnerability this year (CVE-2022-3328) in the snap-confine utility, which ships with the SUID root bit set and is invoked by the snapd process to build the execution environment for applications distributed as self-contained packages in the snap format. The vulnerability allows an unprivileged local user to execute code as root on a default Ubuntu installation. The issue is fixed in the snapd 2.57.6 release, and updated packages have been published for all supported Ubuntu branches.

Notably, the vulnerability in question was introduced while fixing a similar snap-confine vulnerability in February. The researchers prepared a working exploit that gives root access on Ubuntu Server 22.04; besides the snap-confine vulnerability, it also relies on two vulnerabilities in multipathd (CVE-2022-41974 and CVE-2022-41973), related to bypassing the authorization check when privileged commands are sent and to unsafe handling of symbolic links.

The snap-confine vulnerability is a race condition in the must_mkdir_and_open_with_perms() function, which was added to protect against the /tmp/snap.$SNAP_NAME directory being replaced with a symbolic link after the ownership check but before the mount system call that bind-mounts directories into it for the snap package. The added protection consisted of renaming the /tmp/snap.$SNAP_NAME directory to a randomly named directory in /tmp if it already existed and was not owned by root.

To exploit the renaming of the /tmp/snap.$SNAP_NAME directory, the researchers took advantage of the fact that snap-confine also creates a /tmp/snap.rootfs_XXXXXX directory for the root of the snap package's contents. The "XXXXXX" part of the name is chosen randomly by mkdtemp(), but a package named "rootfs_XXXXXX" passes the sc_instance_name_validate() check. The idea, then, is to set $SNAP_NAME to "rootfs_XXXXXX", so that the rename operation moves the /tmp/snap.rootfs_XXXXXX directory out of the way and lets it be replaced with attacker-controlled content.

To line up the use of /tmp/snap.rootfs_XXXXXX with the renaming of /tmp/snap.$SNAP_NAME, two snap-confine instances were started. As soon as the first had created /tmp/snap.rootfs_XXXXXX, it was suspended, and a second instance was started with the package name rootfs_XXXXXX, so that the second instance's temporary directory /tmp/snap.$SNAP_NAME was the first instance's root directory /tmp/snap.rootfs_XXXXXX. Once the rename had completed, the second instance was killed and /tmp/snap.rootfs_XXXXXX was replaced by winning the race condition, as in the February exploit. After the replacement, the first instance was resumed, and the attackers had full control over the snap's root directory.

The final step was to create the symlink /tmp/snap.rootfs_XXXXXX/tmp, which the sc_bootstrap_mount_namespace() function uses as a bind-mount target; this made it possible to mount the real /tmp directory over any directory in the file system, because the mount() system call follows symlinks before mounting. Mounts of this kind are blocked by AppArmor restrictions, but to get past that barrier the exploit used two auxiliary vulnerabilities in multipathd.
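The check-then-mount gap described above, as an added example that is not snap-confine's or snapd's own code: a directory validated by name and later used by name can be swapped for a symlink between the two steps, while a directory validated through a file descriptor and then used through that same descriptor cannot. The directory names, the `lure` target and the simulated attacker are assumptions; here the attacker simply owns the parent directory and renames the victim, whereas the real exploit had to make snap-confine itself perform the rename of a root-owned directory in sticky /tmp. The bind-mount helper needs CAP_SYS_ADMIN and is shown for completeness only.

```c
/* TOCTOU on a directory path: check-by-name vs. check-by-descriptor.
 * Added example for this article; not snapd/snap-confine code. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mount.h>
#include <sys/stat.h>
#include <unistd.h>

/* Racy pattern: validate the directory by name, then (later) hand the same
 * name to mount(2). mount() resolves the path again and follows symlinks,
 * so whatever sits at `path` at that moment is what gets used. */
int racy_check_dir(const char *path, uid_t expected_uid)
{
    struct stat st;
    if (lstat(path, &st) != 0)
        return -1;
    if (!S_ISDIR(st.st_mode) || st.st_uid != expected_uid)
        return -1;
    return 0; /* caller goes on to mount(src, path, ...) by name */
}

/* Safer pattern: open the directory once (O_NOFOLLOW fails with ELOOP on a
 * symlink, O_DIRECTORY fails on a non-directory), validate the *opened*
 * inode with fstat(), and keep the descriptor. Later operations go through
 * the descriptor, so a rename/symlink swap in the parent cannot redirect them. */
int open_dir_checked(const char *path, uid_t expected_uid)
{
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_DIRECTORY | O_CLOEXEC);
    if (fd < 0)
        return -1;
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISDIR(st.st_mode) || st.st_uid != expected_uid) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

/* Bind-mount `source` onto the directory behind `dirfd` without naming the
 * target by path: fchdir() into it and mount on ".". Requires CAP_SYS_ADMIN. */
int bind_mount_onto_fd(const char *source, int dirfd)
{
    int cwd = open(".", O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    if (cwd < 0)
        return -1;
    if (fchdir(dirfd) != 0) {
        close(cwd);
        return -1;
    }
    int rc = mount(source, ".", NULL, MS_BIND, NULL);
    int saved = errno;
    fchdir(cwd);
    close(cwd);
    errno = saved;
    return rc;
}

/* 1 if `path`, resolved the way mount(2) resolves it (following symlinks),
 * still names the inode behind `fd`; 0 once it has been swapped. */
int path_still_matches_fd(const char *path, int fd)
{
    struct stat by_path, by_fd;
    if (stat(path, &by_path) != 0 || fstat(fd, &by_fd) != 0)
        return 0;
    return by_path.st_dev == by_fd.st_dev && by_path.st_ino == by_fd.st_ino;
}

/* Simulate the race in a fresh scratch directory (constructed here; the
 * `lure` is the attacker's chosen symlink target). Returns a bitmask:
 *   1: racy_check_dir() accepted the real directory before the swap
 *   2: after the swap, the name resolves elsewhere than the fd (a by-name
 *      mount would now land on `lure`, the fd-based one would not)
 *   4: open_dir_checked() refuses the swapped-in symlink
 * or -1 on setup failure. */
int run_demo(const char *lure)
{
    char workdir[] = "/tmp/toctou-demo.XXXXXX";
    char victim[PATH_MAX], moved[PATH_MAX];
    if (!mkdtemp(workdir))
        return -1;
    snprintf(victim, sizeof victim, "%s/snap.victim", workdir);
    snprintf(moved, sizeof moved, "%s/snap.victim.moved", workdir);
    if (mkdir(victim, 0700) != 0)
        return -1;
    int result = racy_check_dir(victim, getuid()) == 0 ? 1 : 0;
    int fd = open_dir_checked(victim, getuid());
    if (fd < 0)
        return -1;
    /* The "attacker" wins the race here: swap the directory for a symlink. */
    if (rename(victim, moved) != 0 || symlink(lure, victim) != 0)
        return -1;
    if (!path_still_matches_fd(victim, fd))
        result |= 2;
    if (open_dir_checked(victim, getuid()) < 0)
        result |= 4;
    close(fd);
    return result;
}

int main(void)
{
    int r = run_demo("/");
    printf("demo result bitmask: %d (7 = check passed, name diverged, fd path refused symlink)\n", r);
    return r == 7 ? 0 : 1;
}
```

The point to take from the bitmask is the middle bit: after the swap, the name and the descriptor disagree about which inode they designate, and mount(2) given a name would follow the symlink exactly as the article describes for /tmp/snap.rootfs_XXXXXX/tmp. Pinning the target with an fd (fchdir plus ".") removes the window entirely rather than narrowing it with a rename.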

Source: opennet.ru
