Vulnerability in systemd that can allow privilege escalation

A vulnerability (CVE-2020-1712) has been identified in systemd that potentially allows running code with elevated privileges by sending a specially crafted request over the DBus bus. The problem is fixed in the test release systemd 245-rc1 (patches addressing the issue: 1, 2, 3). The vulnerability has been fixed in Ubuntu, Fedora, RHEL (it affects RHEL 8 but not RHEL 7), CentOS and SUSE/openSUSE, but at the time of writing it remains unfixed in Debian and Arch Linux.

The vulnerability is caused by access to an already freed memory region (use-after-free) that occurs when requests to Polkit are performed asynchronously while DBus messages are being processed. Some DBus primitives use a cache for temporary storage of objects and clear that cache as soon as the DBus bus becomes free to process other requests. If a DBus method handler uses bus_verify_polkit_async(), it may have to wait for the Polkit action to complete. Once Polkit is ready, the handler is invoked a second time and accesses data that has since been freed. If the request to Polkit takes too long, the cache entries are cleared before the DBus method handler is called the second time.

Among the services that make the vulnerability exploitable, systemd-machined is singled out: it exposes the DBus API org.freedesktop.machine1.Image.Clone, which stores data in the cache temporarily and queries Polkit asynchronously. The org.freedesktop.machine1.Image.Clone interface is reachable by all unprivileged users of the system, who can crash systemd services or potentially execute code as root (a working exploit has not yet been demonstrated). The code that made the vulnerability exploitable was added to systemd-machined in 2015 in version 220 (RHEL 7.x uses systemd 219, which is why it is unaffected).
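The following is an added model of the bug class described above; it is not systemd code and does not reproduce the actual patches. It assumes a per-bus object cache that is flushed when the bus goes idle, a two-phase method handler (one call before the asynchronous Polkit check, one after), and shows the vulnerable variant, which parks a raw pointer to a cached object across the Polkit wait, beside one possible remedy, taking the handler's own reference on the object. Object names, the `Image` type and all function names are hypothetical. Freed objects are only marked freed and poisoned here so the run is deterministic; a real use-after-free is undefined behaviour.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical refcounted object standing in for a machined Image.
 * `freed` is demo bookkeeping: a real implementation would call free(). */
typedef struct Image {
        char name[32];
        unsigned n_ref;
        bool freed;
} Image;

static Image *image_new(const char *name) {
        Image *i = calloc(1, sizeof *i);
        if (!i) abort();
        snprintf(i->name, sizeof i->name, "%s", name);
        i->n_ref = 1;
        return i;
}

static Image *image_ref(Image *i) {
        i->n_ref++;
        return i;
}

/* Last reference dropped: poison instead of free() so the demo can observe it. */
static void image_unref(Image *i) {
        if (--i->n_ref > 0)
                return;
        i->freed = true;
        memset(i->name, '?', sizeof i->name - 1);
}

/* Per-bus cache of objects handed out during one dispatch cycle.
 * The cache owns one reference to each entry. */
#define CACHE_SIZE 8
static Image *cache[CACHE_SIZE];
static size_t cache_len;

static Image *cache_add(Image *i) {
        if (cache_len >= CACHE_SIZE) abort();
        cache[cache_len++] = i;
        return i;
}

/* Invoked as soon as the bus has no further messages to process. */
static void cache_flush(void) {
        for (size_t k = 0; k < cache_len; k++)
                image_unref(cache[k]);
        cache_len = 0;
}

/* State a method handler keeps while the Polkit answer is outstanding. */
typedef struct Pending {
        Image *image;
        bool owns_ref;
} Pending;

/* First invocation of the (hypothetical) Clone handler: authorization unknown.
 * take_ref=false keeps the raw cache pointer (vulnerable);
 * take_ref=true pins the object with the handler's own reference (remedy). */
static void clone_handler_start(Pending *p, Image *img, bool take_ref) {
        p->image = take_ref ? image_ref(img) : img;
        p->owns_ref = take_ref;
}

/* Second invocation, after Polkit answers "authorized".
 * Returns true when the handler touched an already released object. */
static bool clone_handler_finish(Pending *p, char *out, size_t out_len) {
        bool uaf = p->image->freed;
        snprintf(out, out_len, "%s", p->image->name);
        if (p->owns_ref)
                image_unref(p->image);
        return uaf;
}

/* One request: handler starts, the bus goes idle and flushes its cache while
 * Polkit is still deciding, then Polkit completes and the handler resumes.
 * Returns whether a use-after-free was observed; copies the name seen into out. */
bool run_clone_request(bool take_ref, char *out, size_t out_len) {
        Pending p = {0};
        Image *img = cache_add(image_new("fedora-base"));   /* constructed sample */
        clone_handler_start(&p, img, take_ref);
        cache_flush();                                      /* slow-Polkit race window */
        bool uaf = clone_handler_finish(&p, out, out_len);
        if (img->n_ref == 0)
                free(img);                                  /* demo cleanup */
        return uaf;
}

int main(void) {
        char n[32];
        printf("raw pointer : uaf=%d name=%s\n", run_clone_request(false, n, sizeof n), n);
        printf("own ref     : uaf=%d name=%s\n", run_clone_request(true,  n, sizeof n), n);
        return 0;
}
```

The vulnerable run shows the handler resuming on a poisoned object because the only reference was the cache's and the cache was flushed while Polkit was slow; the reference-holding run keeps the object alive until the handler itself releases it. Any remedy must break the same link: the object's lifetime must be tied to the outstanding request, not to the bus's idle state.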

Source: opennet.ru
