Kana iwe uri kushandisa Grub2 sebhootloader yako pakombuta yako rega ndikutaurire kuti iwe unofanirwa kuzvivandudza izvozvimunguva pfupi yapfuura 8 kusagadzikana kwakaburitswa mune iyi GRUB2 bootloader yei chimwe chazvo chinoiswa sechinonyanya kukosha.
Inotyisa kwazvo yavo ndeye iyo yakanyorwa nekodhi zita BhootHole (CVE-2020 kusvika 10713). Uku kunetsekana kwaonekwa inoita kuti zvive nyore kupfuura iyo UEFI Yakachengeteka bhuti michina uye nekuisa yakaipa software isina kusimbiswa.
Iyo peculiarity yeiyi kushushikana ndeyekuti, Kugadzirisa izvi, hazvina kukwana kugadzirisa GRUB2 semunhu anorwisa anogona kushandisa media inotakurika ine vhezheni ine njodzi yapfuura inosimbiswa nesiginicha yedhijitari. Anorwisa anogona kukanganisa maitiro ekusimbisa kwete chete kweLinux, asiwo kune mamwe masisitimu anoshanda, kusanganisira Windows.
Uye dambudziko nderekuti mazhinji ekuparadzira kweLinux anoshandisa diki diki ye shim yeakagadziriswa bhuti, iyo yakasainwa manhamba neMicrosoft.
Iyi dura inosimbisa GRUB2 ine chitupa chayo, inobvumira vanogadzira ekuparadzira kuti varege kugonesa yega GRUB kernel uye kugadzirisa kuMicrosoft.
Iyo kushushikana inobvumira, kana uchichinja izvo zvemukati zve grub.cfg, gonesa kuitiswa kwekodhi yako mudariro mushure mekubudirira kweiyo shim, asi pamberi peiyo sisitimu inoshanda. kukodzera muketani yekuvimba kana Yakachengeteka Boot iri kushanda uye ichiwana kutonga Yakazara nezveyekuwedzera bhutsu maitiro, kusanganisira kubhowa imwe sisitimu yekushandisa, kugadzirisa mashandiro ehurongwa hwezvinhu, uye nekupfuura kudzivirirwa kwenjodzi.
Iyo kusagadzikana kunokonzerwa neye buffer kufashukira iyo inogona kushandiswa kuita kodhi yekumanikidza panguva yekutora. Iko kunetseka kunoratidzwa nekuongorora zviri mukati meiyo grub.cfg yekumisikidza faira, iyo inowanzo kuve pane ESP (EFI System Chikamu) uye inogona kugadziridzwa neyeanorwisa nekodzero dzemutungamiriri, pasina kutyora kuvimbika kweasina kusaina shim uye GRUB2 inoitwa.
Nekukanganisa mukodhi yekumisikidza kodhi, iyo inouraya yekuparadza yekukanganisa inobata YY_FATAL_ERROR yakangoratidza yambiro, asi haina kumisa chirongwa. Dambudziko rekushupika rakaderedzwa nekuda kwekuwana mukana kune iyo system; zvisinei, dambudziko ringave rinodiwa pakuitwa kwemidzi yakavanzika pamberi pekupinda mumushini (kana zvichikwanisika kubhuroka kubva kune yavo midhiya).
Yehumwe hurema hwakawanikwa:
- CVE-2020-14308: Buffer kufashukira nekuda kwehukuru hwenzvimbo yakapihwa ndangariro nzvimbo isiri kuongororwa mu grub_malloc.
- CVE-2020-14309: manhamba akazara mu grub_squash_read_symlink, izvo zvinogona kukonzera kuti data rinyorwe kunze kwenzvimbo yakapihwa bhafa.
- CVE-2020-14310: manhamba anofashukira mu read_section_from_string, izvo zvinogona kukonzera kuti data rinyorwe kunze kwenzvimbo yakapihwa buffer.
- CVE-2020-14311: kuwanda kufashukira mu grub_ext2_read_link, iyo inogona kukonzera kuti data rinyorwe kunze kweyakaganhurirwa bhafa.
- CVE-2020-15705: inobvumira kubhururuka kwakananga kweasina kusainwa mune yakachengeteka bhuti modhi isina inopindirana interlayer.
- CVE-2020-15706: kuwana kunzvimbo yekurangarira yakatosunungurwa (use-after-free) kana uchibvisa basa panguva yekumhanya.
- CVE-2020-15707: Yakazara nhamba initrd saizi inobata.
Mhinduro
Kunyangwe zvese zvisina kurasika, kubvira, kugadzirisa dambudziko iri, chingogadzirisa runyorwa rwezvitupa zvakabviswa (dbx, UEFI Revocation Rondedzero) pane ino system, asi mune ino kesi, iko kugona kushandisa yekare yekuisa midhiya neLinux icharasika.
Vamwe vagadziri vehardware vakatove neyakagadziriswa runyorwa rwezvitupa zvakabviswa mune yako firmware; Pane masystem akadaro, muEFI Yakachengeteka Boot modhi, chete kumusoro-ku-zuva kuvaka kweLinux kugoverwa kunogona kutakurwa.
Kugadzirisa kusagadzikana mukugovera, installers, bootloaders, kernel mapakeji, fwupd firmware uye inoenderana dara inodawo kugadziridzwa, kugadzira masiginecha matsva edhijitari kwavari.
Vashandisi vachada kunatsurudza yekuisa mifananidzo uye mamwe midhiya midhiya, uye dhawunirodha Chitupa Revhisheni Chinyorwa (dbx) muEFI firmware. Kusvikira iyo dbx inogadziridza muEFI, sisitimu yacho inoramba iri panjodzi zvisinei nekumisikidzwa kwezvishandiso muhurongwa hwekushandisa.
Pakupedzisira zvinonzi chigadziriso chepakeji chakaburitswa yeDebian, Ubuntu, RHEL uye SUSE, pamwe neGRUB2 seti yematehwe akasunungurwa.
Zvingave zvakanaka kujekesa kana hurema uhwu hunga shandiswa munzvimbo kana kure, izvo zvinoshandura kukura kwedambudziko.
Zvingave zvinonyanya kubatsira kuziva kuti zvinhu izvi zvinogadziriswa sei. nekuti mune yangu chaiyo nyaya handina zano kana pekutangira
Zuva kana maviri apfuura ndakacherekedza kuti ndakawana GRUB2 yekuvandudza, ini handizive kana yaive chigamba, yaingova yekuvandudza ... zvakadaro ...
Ivo vanotaura nezvekuvandudza firmware, zvitupa zvedigital, kurodha pasi Chitupa Revhisheni Chinyorwa (dbx) mune iyo UEFI firmware, kupi kana kuti kunoitwa sei ...
Ndokunge, seruzivo rwakanaka, asi kune newbie zvinoita sekunge vanotaura Mandarin Chinese.
Iko kutsoropodza kunovaka.
Zvakanaka Clickbait:
Iyo kushushikana ndeye buffer yekufashukira inoenderana nekuti GRUB2 inodarika sei grub.cfg yekumisikidza faira. Anorwisa ane maropafadzo e admin pane yakatarwa sisitimu anogona kugadzirisa iyi faira kuitira kuti kodhi yavo yakaipa iitwe munzvimbo yeEFI pamberi peOS kutakurwa.
Regedza kutya vanhu