In Android 14, system certificates can no longer be modified, even with root


Android 14 introduces changes to the management of certificate authority certificates

A few days ago the HTTP Toolkit developers shared a post detailing what they noticed about how certificate authority (CA) certificates are updated in Android 14.

The HTTP Toolkit developers draw attention to the fact that in Android 14 the system certificates will no longer be bundled with the firmware, but will be delivered in a separate package that is updated through Google Play.

When Android was first announced in 2007 by the Open Handset Alliance (led by Google), its flagship project was described as "an open platform", "providing developers a new level of openness" and giving them "complete access to handset capabilities and tools".

We have come a long way since then, moving steadily away from openness and user control of devices, and towards a closed, vendor-controlled world.

In their post the developers share their concerns about the ecosystem, and in particular about the direction Android development has taken, which is moving ever further from the promised "open platform", since with each successive release the system has become "more and more locked down".

They note that the handling of certificate authority certificates "has become much stricter, and it seems it is no longer possible to modify the set of trusted certificates", even on fully rooted devices.

As for the change in certificate handling in Android 14, the approach is "intended" to make it easier to keep certificates up to date and to remove the certificates of compromised certificate authorities, to prevent device manufacturers from tampering with the list of root certificates, and to make the update process independent of firmware updates.

Instead of the /system/etc/security/cacerts directory, certificates in Android 14 are loaded from the /apex/com.android.conscrypt/cacerts directory, which is held in a separate APEX (Android Pony EXpress) container whose contents are delivered through Google Play and whose integrity is controlled by a digital signature from Google. As a result, even with full control of the system and root privileges, the user cannot change the contents of the system certificate list without making changes to the platform.

The previous major change in this area came in Android 7 (Nougat, released in 2016), when the device's certificate authorities (CAs), which until then had been fully modifiable by the phone's owner, were split in two: a fixed list of CAs provided by the OS vendor and used by default by every app on the phone, and another set of modifiable CAs that users could control, but which was used only by apps that chose to opt in (that is, almost none).

The new certificate storage scheme may cause difficulties for developers engaged in reverse engineering, traffic inspection or firmware research, and may complicate the development of projects that build alternative Android-based firmware, such as GrapheneOS and LineageOS.

Because not everything is as good as it sounds, and as already mentioned, HTTP Toolkit expresses its disagreement with the new delivery approach, since it will not allow users to make changes to the system certificates even if they have root access to the system and full control over the firmware.

The change affects only the system CA certificates, which are used by default by all applications on the device. It does not affect the handling of user certificates or the ability to add extra certificates for individual applications (for example, the ability to add extra certificates in the browser remains).
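The per-app opt-in to user certificates is declared in an app's Android network security configuration file. As an added example (not taken from the HTTP Toolkit post or from this article), the following Python audits such a file and reports the scopes in which an app accepts user-installed CAs; the sample configuration, its domain name and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample res/xml/network_security_config.xml (not from the article).
SAMPLE_CONFIG = """<network-security-config>
    <base-config>
        <trust-anchors><certificates src="system" /></trust-anchors>
    </base-config>
    <domain-config>
        <domain includeSubdomains="true">internal.example.test</domain>
        <trust-anchors>
            <certificates src="system" />
            <certificates src="user" />
        </trust-anchors>
    </domain-config>
    <debug-overrides>
        <trust-anchors><certificates src="user" /></trust-anchors>
    </debug-overrides>
</network-security-config>"""


def default_sources(target_sdk):
    """Platform default when no trust anchors are declared (split at API 24)."""
    return {"system"} if target_sdk >= 24 else {"system", "user"}


def anchors(element, inherited):
    """Declared certificate sources of one scope, or the inherited set."""
    node = element.find("trust-anchors") if element is not None else None
    if node is None:
        return set(inherited)
    return {c.get("src") for c in node.findall("certificates")}


def audit(config_xml, target_sdk):
    """Map each scope of the config to the CA sources it trusts."""
    root = ET.fromstring(config_xml)
    base = anchors(root.find("base-config"), default_sources(target_sdk))
    report = {"base": base}
    for dc in root.findall("domain-config"):
        names = ",".join(d.text.strip() for d in dc.findall("domain"))
        report["domain:" + names] = anchors(dc, base)  # inherits base-config
    debug = root.find("debug-overrides")
    if debug is not None:  # only honoured in debuggable builds, added to base
        report["debug-only"] = base | anchors(debug, set())
    return report


def trusts_user_cas(report):
    """Scopes in which a user-installed CA is accepted."""
    return sorted(scope for scope, srcs in report.items() if "user" in srcs)
```

Running `trusts_user_cas(audit(SAMPLE_CONFIG, 34))` lists the scopes to review before release; an app with no configuration file that targets API 24 or later trusts only the system store.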

At the same time, the problem is not limited to the certificate package: as system functionality is moved into separately updated APEX packages, the number of system components that the user cannot control or change will grow, regardless of whether there is root access to the device.

Finally, if you are interested in learning more about it, you can check the details at the following link.