Vulnerability in the Linux kernel that allows read-only files to be corrupted

A vulnerability (CVE-2022-0847) has been identified in the Linux kernel that allows the contents of the page cache to be overwritten for any file, including files in read-only mode, files opened with the O_RDONLY flag, and files located on file systems mounted read-only. In practical terms, the vulnerability can be used to inject code into processes or to corrupt data in opened files. For example, the contents of the authorized_keys file can be changed for the sshd process. An exploit prototype is available for testing.

The issue has been codenamed Dirty Pipe, by analogy with the critical Dirty COW vulnerability identified in 2016. It is noted that Dirty Pipe is at the same level of danger as Dirty COW, but is much easier to exploit. The vulnerability was discovered while analyzing complaints about periodic corruption of files downloaded over the network on a system that downloads compressed archives from a log server (37 corruptions in 3 months on a loaded system); those archives were prepared using the splice() operation and unnamed pipes.

The vulnerability appears starting with Linux kernel 5.8, released in August 2020, i.e. it is present in Debian 11 but does not affect the base kernel in Ubuntu 20.04 LTS. The RHEL 8.x and openSUSE/SUSE 15 kernels are originally based on older branches, but the change that causes the problem may have been backported to them (there is no exact data yet). The publication of package updates in distributions can be tracked on these pages: Debian, SUSE, Ubuntu, RHEL, Fedora, Gentoo, Arch Linux. A fix for the vulnerability was proposed in releases 5.16.11, 5.15.25 and 5.10.102. The fix is also included in the kernel used in the Android platform.
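An added example (not from the original article or the kernel project) that triages an upstream kernel version string against the affected range and fixed releases given above. The function names are hypothetical; distribution kernels may backport the change or the fix, so the result is only a first-pass check, and treating release lines newer than 5.16 as fixed is an assumption.

```python
import platform
import re

# Fixed point releases named in the article, keyed by (major, minor) branch.
FIXED = {(5, 10): 102, (5, 15): 25, (5, 16): 11}
FIRST_AFFECTED = (5, 8)  # article: the bug appears starting with kernel 5.8


def parse_release(release):
    """Return (major, minor, patch) from a `uname -r` style string, or None."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def dirty_pipe_status(release):
    """Classify an upstream kernel version for CVE-2022-0847.

    Returns 'unknown', 'not-affected', 'vulnerable' or 'fixed'.
    """
    version = parse_release(release)
    if version is None or "-rc" in release:
        return "unknown"  # unparsable, or a pre-release we cannot place
    branch, patch = version[:2], version[2]
    if branch < FIRST_AFFECTED:
        return "not-affected"
    if branch in FIXED:
        return "fixed" if patch >= FIXED[branch] else "vulnerable"
    if branch > max(FIXED):
        # Assumption: release lines newer than 5.16 already contain the fix.
        return "fixed"
    # Branches from 5.8 to 5.16 for which the article lists no fixed release.
    return "vulnerable"


if __name__ == "__main__":
    # Constructed sample release strings, followed by the running kernel.
    samples = ["5.4.0-100-generic", "5.10.92", "5.10.102", "5.15.25-1", "5.13.0"]
    for rel in samples + [platform.release()]:
        print(f"{rel:24} {dirty_pipe_status(rel)}")
```

A "vulnerable" or "not-affected" result on a distribution kernel should be confirmed against the distribution's own advisory page, since the release string may not reflect backported patches.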

The vulnerability is caused by the lack of initialization of the "buf->flags" value in the code of the copy_page_to_iter_pipe() and push_pipe() functions, even though the memory is not cleared when the structure is allocated, so that with certain manipulations of unnamed pipes the field can hold a value left over from another operation. Using this feature, an unprivileged local user can cause the PIPE_BUF_FLAG_CAN_MERGE value to appear in the flag, which makes it possible to overwrite data in the page cache simply by writing new data to a specially prepared unnamed pipe.

For an attack, the target file must be readable, and since access rights are not checked when writing to a pipe, the replacement in the page cache can also be made for files located on partitions mounted read-only (for example, files on a CD-ROM). After the information in the page cache has been replaced, a process reading data from the file will receive not the actual data but the substituted data.

Exploitation comes down to creating an unnamed pipe and filling it with arbitrary data so that the PIPE_BUF_FLAG_CAN_MERGE flag is set in all ring structures associated with it. Next, the data is read from the pipe, but the flag remains set in all instances of the pipe_buffer structure in the pipe_inode_info ring structures. Then splice() is called to read data from the target file into the unnamed pipe, starting at the desired offset. When data is written to this unnamed pipe, because the PIPE_BUF_FLAG_CAN_MERGE flag is set, the data in the page cache is overwritten instead of a new instance of the pipe_buffer structure being created.

Source: opennet.ru
