New vulnerability discovered in systemd

A vulnerability has been found in systemd, already described as CVE-2019-6454, that allows an unprivileged user to cause the control initialization process (PID 1) to hang by sending a specially crafted message over D-Bus.

The Red Hat developers also do not rule out the possibility of using the vulnerability to achieve code execution with root privileges, and such an attack may eventually turn out to be possible.

About systemd

For those who do not know systemd, I can tell you that it is a Linux init system and service manager that includes features such as on-demand starting of daemons, automount and mount point maintenance, snapshot support, and process tracking using Linux control groups.

systemd provides a logging daemon and other tools and utilities to help with common system administration tasks. Lennart Poettering and Kay Sievers wrote systemd, inspired by macOS launchd and Upstart, with the goal of creating a modern and dynamic system.

In particular, systemd provides aggressive parallelization capabilities and dependency-based service control logic, which allows services to start in parallel and leads to faster boot times. These two features were present in Upstart, but systemd improves on them.

systemd is the default boot system of the major Linux distributions, but it is backward compatible with SysV init scripts.

SysVinit is an init system that predates systemd and uses a simpler approach to starting services. systemd not only handles system initialization, but also provides alternatives to other well-known utilities such as cron and syslog.

About the new systemd vulnerability

By manipulating the size of a message sent over D-Bus, an attacker can move the stack pointer beyond the bounds of the memory allocated for the stack, bypassing the "stack guard-page" protection, which relies on placing a memory page at the edge of the stack that raises an exception (page fault) when it is accessed.

A successful attack has been demonstrated on Ubuntu 18.10 with systemd 239 and on CentOS 7.6 with systemd 219.

As a workaround, the code can be compiled with GCC using the "-fstack-clash-protection" option, which is applied by default in Fedora 28 and 29.
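The source-level counterpart of that compiler option, as an added example that is not systemd's code or its patch: a field whose length is chosen by the sender is bounded and copied to the heap instead of being used to size a stack allocation. The function name, the 4096-byte cap and the sample message are assumptions made for this illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed cap for this example; not a value taken from systemd. */
#define MAX_FIELD_LEN 4096u

/*
 * Copy a variable-length field out of an untrusted message.
 * Risky generic pattern this replaces: `char *p = alloca(field_len + 1);`
 * which moves the stack pointer by a sender-chosen amount and can land
 * past the guard page without ever touching it.
 * Returns 0 with a heap copy in *out, or a negative errno value.
 */
int copy_untrusted_field(const char *buf, size_t buf_len,
                         size_t field_len, char **out)
{
    char *copy;

    if (!buf || !out)
        return -EINVAL;
    *out = NULL;
    if (field_len > buf_len)        /* length claims more than was received */
        return -EBADMSG;
    if (field_len > MAX_FIELD_LEN)  /* bound the size before allocating */
        return -E2BIG;

    copy = malloc(field_len + 1);   /* heap allocation: failure is reportable */
    if (!copy)
        return -ENOMEM;
    memcpy(copy, buf, field_len);
    copy[field_len] = '\0';
    *out = copy;
    return 0;
}

int main(void)
{
    /* Constructed sample input, not captured traffic. */
    const char msg[] = "/org/example/Object";
    char *field = NULL;
    int r = copy_untrusted_field(msg, sizeof msg - 1, sizeof msg - 1, &field);
    printf("normal field: r=%d copy=%s\n", r, field ? field : "(none)");
    free(field);
    r = copy_untrusted_field(msg, sizeof msg - 1, (size_t)1 << 20, &field);
    printf("oversized claim: r=%d\n", r);
    return 0;
}
```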

It should be noted that in 2014 the author of the musl system library listed the excessive bloat of the PID 1 handler among systemd's main architectural problems and questioned whether it was advisable to implement a PID 1-level controller API for linking with the bus, since it is a major attack vector and can undermine the reliability of the whole system.

According to the security researcher who disclosed the vulnerability, the stack pointer can only be moved into unused (unallocated) memory pages. This does not allow code execution in the context of the PID 1 process, but it does allow an attacker to trigger a PID 1 lockup followed by the Linux kernel entering the "panic" state (if the PID 1 controller fails, the whole system hangs).

systemd installs a signal handler that tries to catch faults in the PID 1 process (segmentation fault) and then starts a recovery shell.

But since the attack causes an access to unmapped (unallocated) memory pages, the kernel cannot call this signal handler and instead terminates the process with PID 1. That in turn makes it impossible to continue working and puts the system into the "panic" state, so a system restart is required.

There is already a fix for the problem

As with any security problem that has already been described and reported, it cannot be published until the problem has been fixed. Updates addressing the vulnerability have already been released for SUSE / openSUSE and Fedora, as well as for Ubuntu and, partially, for Debian (Debian Stretch only).
However, the problem remains unfixed in RHEL.