Critical vulnerability in the GRUB2 bootloader that allows bypassing UEFI Secure Boot

Eight vulnerabilities have been identified in the GRUB2 bootloader. The most dangerous issue (CVE-2020-10713), codenamed BootHole, makes it possible to bypass the UEFI Secure Boot mechanism and install unverified malware. What sets this vulnerability apart is that updating GRUB2 is not enough to eliminate it, because an attacker can use bootable media carrying an old vulnerable version that is still certified by a digital signature. An attacker can compromise the verification process not only for Linux but also for other operating systems, including Windows.

The problem can be resolved only by updating the system's certificate revocation list (dbx, UEFI Revocation List), but in that case the ability to use old Linux installation media will be lost. Some hardware manufacturers have already included an updated list of revoked certificates in their firmware; on such systems, only updated builds of Linux distributions can be loaded in UEFI Secure Boot mode.

To eliminate the vulnerability in distributions, it will also be necessary to update installers, bootloaders, kernel packages, the fwupd firmware and the shim layer, generating new digital signatures for them. Users will be required to update installation images and other bootable media, and to load the certificate revocation list (dbx) into the UEFI firmware. Until dbx is updated in UEFI, the system remains vulnerable regardless of whether updates have been installed in the OS.

The vulnerability is caused by a buffer overflow that can be exploited to execute arbitrary code during the boot process. It occurs when parsing the contents of the grub.cfg configuration file, which is usually located on the ESP (EFI System Partition) and can be edited by an attacker with administrator rights without violating the integrity of the signed shim and GRUB2 executable files. Because of errors in the configuration parser code, the handler for fatal parsing errors, YY_FATAL_ERROR, only displayed a warning but did not terminate the program. The risk posed by the vulnerability is reduced by the need for privileged access to the system; nevertheless, the problem may be in demand for introducing hidden rootkits when there is physical access to the device (if it is possible to boot from one's own media).
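The effect of a "fatal" handler that returns instead of terminating can be seen in a small model, added here as an illustration and not taken from GRUB2's source. The names `fatal_error`, `copy_token`, `parse_line` and the 16-byte `TOKEN_MAX` are hypothetical, out-of-bounds bytes are counted rather than written so the program runs safely, and the `longjmp` abort in the hardened path is an assumption of this sketch rather than a description of the actual GRUB2 fix.

```c
#include <stdio.h>
#include <string.h>
#include <setjmp.h>
#define TOKEN_MAX 16            /* constructed size, not GRUB2's real limit */

static jmp_buf parse_abort;     /* hypothetical recovery point for the hardened handler */
static int hardened;            /* selects which handler behaviour to model */
/* Models a "fatal" handler. The calling code assumes it never returns. */
static void fatal_error(const char *msg)
{
    fprintf(stderr, "lexer: %s\n", msg);
    if (hardened)
        longjmp(parse_abort, 1);    /* hardened: parsing stops here */
    /* warn-only: falls through and returns to the caller */
}

/* Copies one token; returns how many bytes would land past the buffer. */
static size_t copy_token(char *buf, const char *tok)
{
    size_t len = strlen(tok), oob = 0;
    if (len >= TOKEN_MAX)
        fatal_error("token too large");   /* no return expected here */
    for (size_t i = 0; i <= len; i++) {   /* includes the NUL terminator */
        if (i < TOKEN_MAX)
            buf[i] = tok[i];
        else
            oob++;                        /* counted, not written, to stay safe */
    }
    return oob;
}

/* Returns -1 if parsing was aborted, otherwise the out-of-bounds byte count. */
long parse_line(const char *tok, int use_hardened)
{
    char buf[TOKEN_MAX];
    hardened = use_hardened;
    if (setjmp(parse_abort))
        return -1;
    return (long)copy_token(buf, tok);
}

int main(void)
{
    const char *line = "menuentry_with_an_overlong_name";  /* constructed input */
    printf("warn-only handler: %ld bytes out of bounds\n", parse_line(line, 0));
    printf("hardened handler:  %ld (aborted)\n", parse_line(line, 1));
    return 0;
}
```

With the warn-only handler the length check has no effect on control flow, so the copy proceeds past the end of the buffer; with the terminating handler the same input never reaches the copy.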

Most Linux distributions use a small shim layer, digitally signed by Microsoft. This layer verifies GRUB2 with its own certificate, which allows distribution developers not to have every kernel and GRUB update certified by Microsoft. By changing the contents of grub.cfg, the vulnerability makes it possible to achieve execution of one's own code at the stage after successful shim verification but before the operating system is loaded, wedging into the chain of trust while Secure Boot mode is active and gaining full control over the rest of the boot process, including loading another OS, modifying operating system components and bypassing Lockdown protection.

Other vulnerabilities in GRUB2:

  • CVE-2020-14308 - buffer overflow due to the lack of a check on the size of the memory area allocated in grub_malloc;
  • CVE-2020-14309 - integer overflow in grub_squash_read_symlink, which can lead to data being written beyond the allocated buffer;
  • CVE-2020-14310 - integer overflow in read_section_from_string, which can lead to data being written beyond the allocated buffer;
  • CVE-2020-14311 - integer overflow in grub_ext2_read_link, which can lead to data being written beyond the allocated buffer;
  • CVE-2020-15705 - allows unsigned kernels to be loaded when booting directly in Secure Boot mode without the shim layer;
  • CVE-2020-15706 - access to an already freed memory area (use-after-free) when redefining a function at runtime;
  • CVE-2020-15707 - integer overflow in the initrd size handler.

Hotfix package updates have been released for Debian, Ubuntu, RHEL and SUSE. A set of patches has been proposed for GRUB2.

Source: opennet.ru
