Dangerous vulnerabilities found in Firejail, Connman and GNU Guix

A few days ago, news broke of the discovery of several vulnerabilities considered dangerous in Firejail, Connman and GNU Guix. In the case of the vulnerability identified in the Firejail sandboxed-application system (CVE-2021-26910), it allows privilege escalation to the root user.

Firejail uses namespaces, AppArmor and system-call filtering (seccomp-bpf) for isolation on Linux, but it needs elevated privileges to set up the isolated launch, which it obtains by installing the utility with the suid root flag or by running it with sudo.

The vulnerability stems from a flaw in the code that supports the OverlayFS file system, which is used to create an additional layer on top of the main file system to store the changes made by an isolated process. An isolated process is supposed to get read access to the primary file system, while all write operations are redirected to temporary storage and do not affect the real primary file system.

By default, the OverlayFS partitions are mounted inside the user's home directory, for example under "/home/test/.firejail/[name]", while the owner of these directories is set to root so that the current user cannot change their contents directly.

When setting up a sandbox environment, Firejail checks that the root of the temporary OverlayFS partition cannot be modified by an unprivileged user. The vulnerability is a race condition: the operations are not performed atomically, and there is a short window between the check and the mount in which the root .firejail directory can be replaced with a directory the current user has write access to (since .firejail is created inside the user's home directory, the user can rename it).

Write access to the .firejail directory makes it possible to override the OverlayFS mount points with a symbolic link and change any file on the system. The researcher has prepared a working prototype exploit, which will be published a week after the fix is released. The problem has been present since version 0.9.30. In version 0.9.64.4 the vulnerability was blocked by disabling OverlayFS support.
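The check-then-mount race described above, as an added illustration that is not Firejail's code (Firejail's actual fix was to disable OverlayFS support): the first function has the racy shape, resolving the path once for the check and again for use, while the second resolves it once and verifies the descriptor, so renaming the path between check and use no longer matters. The function names, the required-owner parameter and the temporary directory used by the self-check are assumptions made for this example.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Racy shape (the bug described above): the path is resolved twice, once by
 * stat() for the check and again by open() for use. Between the two calls the
 * directory can be renamed away and a writable one put in its place. */
int racy_check_then_open(const char *path) {
    struct stat st;
    if (stat(path, &st) != 0 || !S_ISDIR(st.st_mode) || st.st_uid != 0 ||
        (st.st_mode & (S_IWGRP | S_IWOTH)))
        return -1;
    /* race window: "path" may now name a different directory */
    return open(path, O_RDONLY | O_DIRECTORY);
}

/* Safe shape: resolve the path once, then inspect the object the descriptor
 * refers to. Renaming the path later cannot change what the descriptor is
 * bound to; all further work (openat(), or a mount via /proc/self/fd/N) must
 * go through the descriptor, never through the path string again. */
int open_verified_root_dir(const char *path, uid_t required_owner) {
    int fd = open(path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;
    struct stat st;
    if (fstat(fd, &st) != 0 || st.st_uid != required_owner ||
        (st.st_mode & (S_IWGRP | S_IWOTH))) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Self-check on a constructed temp directory owned by the caller: accepted at
 * mode 0755, rejected once it is made world-writable. Returns 1 on success. */
int demo_verified_open(void) {
    char dir[] = "/tmp/ovl-root-XXXXXX";  /* constructed test path */
    if (mkdtemp(dir) == NULL || chmod(dir, 0755) != 0)
        return 0;
    int fd = open_verified_root_dir(dir, getuid());
    int accepted = fd >= 0;
    if (accepted) close(fd);
    chmod(dir, 0777);
    int rejected = open_verified_root_dir(dir, getuid()) < 0;
    rmdir(dir);
    return accepted && rejected;
}
```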

To block the vulnerability in an alternative way, you can also disable OverlayFS by adding the "overlayfs" parameter with the value "no" to /etc/firejail/firejail.config.

The second dangerous vulnerability identified (CVE-2021-26675) is in the ConnMan network configurator, which is widely used in embedded Linux systems and IoT devices. The vulnerability potentially allows remote execution of attacker-supplied code.

The problem is caused by a buffer overflow in the dnsproxy code and can be exploited by returning specially crafted responses from the DNS server to which the DNS proxy is configured to forward traffic. Tesla, which uses ConnMan, reported the problem. The vulnerability was fixed in yesterday's ConnMan 1.39 release.

Finally, the other security vulnerability that was disclosed is in the GNU Guix distribution and relates to the particular way suid-root files are placed in the /run/setuid-programs directory.

Most of the programs in this directory are shipped with both the setuid-root and setgid-root flags, but they were not designed to work with setgid-root, which could potentially be used to elevate privileges on the system.

However, most of these programs were designed to run as setuid-root, but not as setgid-root. This configuration therefore poses a local privilege escalation risk (Guix users on a "foreign distribution" are not affected).

This bug has been fixed and users are encouraged to update their system.

No exploit for this problem is known to date.

Finally, if you are interested in learning more about the notes on the reported vulnerabilities, you can check the details at the following links.

Firejail, Connman and GNU Guix

