Kushushikana kutsva kwakawanikwa muSystemd

Dambudziko rakawanikwa mu systemd iyo yatove yakatsanangurwa mu (CVE-2019-6454), chii inobvumira kukonzera kudzora kutanga maitiro (PID1) kuvharira kana uchitumira yakasarudzika meseji kune musina-ropafadzo mushandisi pamusoro peD-Bhazi.

ari Vagadziri veRed Hat havabatanidze mukana wekushandisa kusagadzikana kuronga kuitisa kodhi nemidzi yeropafadzo., asi mukana wekupedzisira wekurwiswa kwakadaro hausati watsanangurwa.

Nezve systemd

Kune avo vasingazive Systemd Ndinogona kukuudza izvozvo iyi linux kutanga system uye maneja webasa iyo inosanganisira maficha senge pane-inoda daemon kutanga, otomount uye gomo poindi yekugadzirisa, snapshot rutsigiro, uye maitiro ekutevera uchishandisa mapoka eLinux ekudzora.

Systemd inopa registry daemon uye zvimwe zvishandiso uye zvinoshandiswa kubatsira neyakajairika system manejimendi mabasa. Lennart Poettering naKay Sievers vakanyora SystemD, yakafemerwa neMacOS kuvhurwa uye Upstart, nechinangwa chekugadzira yazvino uye ine simba system.

Kunyanya, systemd inopa hasha kufananidza kugona uye kutsamira-kwakavakirwa sevhisi yekudzora pfungwa, ichibvumira masevhisi kuti atange zvakafanana uye achitungamira kukurumidza kutanga nguva. Aya maviri maficha aive aripo muUpstart, asi akawedzeredzwa ne systemd.

Systemd ndiyo yakasarudzika boot system yekuparadzira kukuru kweLinux, asi iri kumashure inoenderana neSysV yekutanga zvinyorwa.

SysVinit chirongwa chekutanga chinotangira systemd uye chinoshandisa nzira yakareruka kutanga sevhisi. Sisitimu haina kungo gadzirisa sisitimu yekutanga chete, asi zvakare inopa dzimwe nzira kune zvimwe zvinozivikanwa zvinoshandiswa se cron uye syslog.

Nezve iyo nyowani systemd kusagadzikana

Nekunyengera saizi yemeseji yakatumirwa kuburikidza neD-Bus, anorwisa anogona kufambisa chinongedzo kupfuura miganho yendangariro yakapihwa stack, kupfuura kudzivirirwa kwe "stack-peji rekuchengetedza", iro rakavakirwa pachinzvimbo cheye memory peji kumucheto iyo inodaidza yakasarudzika (peji kukanganisa).

Kurwisa kwakabudirira kunoratidzwa paUbuntu 18.10 ine systemd 239 uye paCentOS 7.6 ine systemd 219.

Sekushandira, kusangana kunogona kushandiswa muGCC ne "-fstack-clash-protection" sarudzo, iyo inoshandiswa nekutadza muFedora 28 ne29.

Izvo zvinofanirwa kucherechedzwa kuti muna 2014 munyori weMUSL system raibhurari akanongedza pakati peakakosha mapurani matambudziko akarongedza zvakanyanya inflation PID1 inobata uye akabvunza kugona kwekushandisa PID1 level controller API yeLink neBhazi, sezvo iri yakakomba vector kurwisa uye zvinogona kukanganisa kuvimbika kwesystem yese

Sekureva kwekuongorora kwekuchengetedza uyo yakaratidza kushushikana, iyo stack pointer shanduko inogoneka chete kune asina kushandiswa ndangariro mapeji (isina kupihwa), iyo isingatenderi kuronga kodhi kuitisa muchimiro cheiyo PID1 maitiro, asi inobvumira anorwisa kuti atange iyo PID1 kukiya neshanduko inotevera yeiyo Linux kernel kune iyo "panic" state (mune iyo PID controller 1 kutadza, iyo system yese yakaturikwa).

Mu systemd, chiratidzo chekubata chakaiswa icho chinoedza kuteedzera zvikanganiso zvePID1 maitiro (segmentation mhosva) uye inotanga iyo Shell yekudzoka.

Asi sezvo, panguva yekurwiswa, kufona kunoitwa kune asina-kukopwa (asina kupihwa) mapeji endangariro, iyo kernel haigone kudaidza chiratidzo ichi inobata uye inongomisa maitiro nePID 1, inova inoitisa Izvo hazvigoneke kuramba uchishanda uye kupinda mukati iyo "panic" state, saka system reboot inodikanwa.

Iko kutove nemhinduro kudambudziko

Kunge chero dambudziko rekuchengeteka ratotsanangurwa uye rataurwa, kutsikisa kwayo hakugone kuitwa kudzamara dambudziko ragadziriswa uye kushaya simba chigadziriso cheSUSE / kuvhuraSUSE, Fedora akatoburitswa, zvakare Ubuntu uye pamwe neDebian (Debian Tambanudza chete).
Kunyangwe hazvo dambudziko richiramba risina kugadziriswa muRHEL.