Ho ba kotsing (CVE-2022-4415) ho khethiloe karolong ea systemd-coredump, e sebetsanang le lifaele tsa mantlha tse hlahisitsoeng kamora ho senyeha ha lits'ebetso, e lumellang mosebelisi oa lehae ea se nang tokelo ho tseba litaba tsa mohopolo oa lits'ebetso tse lehlohonolo tse tsamaisanang le folakha ea motso oa suid. Taba ea tlhophiso ea kamehla e tiisitsoe ho lipehelo tsa openSUSE, Arch, Debian, Fedora le SLES.
Kotsi e bakoa ke ho haella ha ts'ebetso e nepahetseng ea fs.suid_dumpable sysctl parameter ho systemd-coredump, eo, ha e behiloe ho boleng ba kamehla ba 2, e lumellang ho hlahisoa ha lithōle tsa mantlha bakeng sa lits'ebetso tse nang le folakha ea suid. Ho utloisisoa hore lifaele tsa mantlha tsa lits'ebetso tsa suid tse ngotsoeng ke kernel li tlameha ho ba le litokelo tsa phihlello tse behiloeng ho lumella ho bala feela ke mosebelisi oa motso. Sesebelisoa sa systemd-coredump, se bitsoang kernel ho boloka lifaele tsa mantlha, se boloka faele ea mantlha tlasa ID ea motso, empa hape se fana ka phihlello ea ho bala e thehiloeng ho ACL ho lifaele tsa mantlha tse ipapisitseng le ID ea mong'a eona ea qalileng ts'ebetso. .
Karolo ena e u lumella ho khoasolla lifaele tsa mantlha ntle le taba ea hore lenaneo le ka fetola ID ea mosebelisi mme la sebetsa ka litokelo tse phahameng. Tlhaselo e ipapisitse le taba ea hore mosebelisi a ka qala kopo ea suid mme a e romella letšoao la SIGSEGV, ebe o kenya litaba tsa faele ea mantlha, e kenyelletsang sekhechana sa mohopolo oa ts'ebetso nakong ea pheliso e sa tloaelehang.
Mohlala, mosebelisi a ka matha "/ usr/bin/su" 'me sebakeng se seng a emisa ts'ebetso ea eona ka taelo "kill -s SIGSEGV `pidof su`", kamora moo systemd-coredump e tla boloka faele ea mantlha ho / var. /lib/systemd/ directory coredump, ho beha ACL bakeng sa eona e lumellang ho bala ke mosebelisi oa hajoale. Kaha sesebelisoa sa suid 'su' se bala litaba tsa / joalo-joalo/moriti mohopolong, mohlaseli a ka fumana tlhaiso-leseling mabapi le li-hashes tsa password tsa basebelisi bohle ba sistimi. Sesebelisoa sa sudo ha se kotsing ea ho hlaseloa, kaha se thibela ho hlahisa lifaele tsa mantlha ka bokulit.
Ho ea ka baetsi ba systemd, ts'oaetso e hlaha ho qala ka ho lokolloa ha systemd 247 (November 2020), empa ho ea ka mofuputsi ea fumaneng bothata, ho lokolloa 246 ho boetse ho ameha. kabo tsohle tse tsebahalang). Tokiso e fumaneha hajoale e le patch. U ka lekola litokiso ho ajoa maqepheng a latelang: Debian, Ubuntu, Gentoo, RHEL, SUSE, Fedora, Gentoo, Arch. Joalo ka ts'ireletso ea ts'ireletso, o ka seta sysctl fs.suid_dumpable ho 0, e thibelang ho romela litšila ho sesebelisoa sa systemd-coredump.
Source: opennet.ru