A vulnerability (CVE-2022-4415) has been identified in the systemd-coredump component, which processes core files generated after processes crash. It allows an unprivileged local user to determine the memory contents of privileged processes running with the suid root flag. The problem has been confirmed in the default configuration of the openSUSE, Arch, Debian, Fedora and SLES distributions.
The vulnerability is caused by the lack of correct handling of the fs.suid_dumpable sysctl parameter in systemd-coredump, which, when set to the default value of 2, allows core dumps to be generated for processes with the suid flag. It is understood that core files of suid processes written by the kernel must have access rights set so that only the root user can read them. The systemd-coredump utility, which the kernel calls to save core files, stores the core file under the root ID, but additionally grants ACL-based read access to the core files based on the ID of the owner who originally started the process.
This feature allows core files to be retrieved without regard to the fact that the program may change its user ID and run with elevated privileges. The attack boils down to the fact that a user can launch a suid application and send it a SIGSEGV signal, and then load the contents of the core file, which includes a slice of the process's memory at the time of the abnormal termination.
For example, a user can run "/usr/bin/su" and, in another terminal, terminate its execution with the command "kill -s SIGSEGV `pidof su`", after which systemd-coredump will save the core file in the /var/lib/systemd/coredump directory, setting an ACL on it that allows the current user to read it. Since the suid utility 'su' reads the contents of /etc/shadow into memory, an attacker can gain access to information about the password hashes of all users on the system. The sudo utility is not susceptible to the attack, because it prohibits the generation of core files via ulimit.
According to the systemd developers, the vulnerability appears starting with the systemd 247 release (November 2020), but according to the researcher who identified the problem, release 246 is also affected. The vulnerability manifests itself if systemd is built with the libacl library (the default in all popular distributions). The fix is currently available as a patch. You can track the fixes in distributions on the following pages: Debian, Ubuntu, Gentoo, RHEL, SUSE, Fedora, Arch. As a security workaround, you can set sysctl fs.suid_dumpable to 0, which disables passing dumps to the systemd-coredump handler.
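A defender-side check for the condition described above, as an added example that is not part of the original article: it reports whether fs.suid_dumpable still lets set-uid cores reach the handler and lists stored core files whose ACL gives a non-root UID effective read access. The function names and the sample getfacl output are constructed; cores of ordinary user processes carry the same kind of ACL entry, so only entries on cores of set-uid programs indicate exposure.

```sh
#!/bin/sh
# Added example, not from the article; function names and sample data are constructed.

# True (exit 0) when the kernel still produces core dumps for set-uid programs.
# Kernel semantics: 0 = no dump, 1 = dump as the user, 2 = dump readable by root only.
suid_cores_enabled() {
    case "$1" in
        1|2) return 0 ;;
        *)   return 1 ;;
    esac
}

# Read `getfacl -n` output on stdin; print "file<TAB>uid" for each named-user
# ACL entry that gives a non-root user effective read access.
acl_nonroot_readers() {
    awk '
        /^# file: / { file = substr($0, 9); next }
        /^user:[^:]+:/ {
            split($1, f, ":")               # f[2] = uid, f[3] = permissions
            perms = f[3]
            # getfacl appends "#effective:..." when the mask narrows an entry
            if (match($0, /#effective:[rwx-]+/))
                perms = substr($0, RSTART + 11, RLENGTH - 11)
            if (f[2] != "0" && f[2] != "root" && perms ~ /r/)
                print file "\t" f[2]
        }'
}

# Constructed, abridged getfacl output: the second entry is masked to no access.
SAMPLE_ACL='# file: var/lib/systemd/coredump/core.su.1000.EXAMPLE.zst
user::rw-
user:1000:r--
mask::r--
other::---

# file: var/lib/systemd/coredump/core.demo.1001.EXAMPLE.zst
user::rw-
user:1001:r--   #effective:---
mask::---
other::---'

# Run against the local host (needs getfacl and read access to the directory).
audit_host() {
    v=$(cat /proc/sys/fs/suid_dumpable) || return 2
    suid_cores_enabled "$v" && echo "fs.suid_dumpable=$v: set-uid cores reach the handler"
    getfacl -n /var/lib/systemd/coredump/* 2>/dev/null | acl_nonroot_readers
}

if [ "${1:-}" = "--audit" ]; then audit_host; fi
```

Run it as root with `--audit` to check the local host; without arguments it only defines the functions.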
Source: opennet.ru