Two vulnerabilities found in Snap allow running code as root

Qualys has disclosed that it identified two vulnerabilities (CVE-2021-44731 and CVE-2021-44730) in the snap-confine utility, which ships with the SUID root flag and is invoked by the snapd process to build the execution environment for applications distributed as snap packages.

The blog post notes that the vulnerability allows an unprivileged local user to achieve code execution as root on the system.

The first vulnerability allows a hard-link substitution attack, but it requires the hard-link protection mechanism to be disabled (by setting the sysctl fs.protected_hardlinks to 0).

The problem stems from incorrect validation of the location of the snap-update-ns and snap-discard-ns executables, which run as root. The path to these files is computed in the sc_open_snapd_tool() function from the utility's own path as read from /proc/self/exe, which makes it possible to create a hard link to snap-confine in a directory under your control and place your own snap-update-ns and snap-discard-ns in that directory. When launched through the hard link, snap-confine, running as root, executes the attacker-substituted snap-update-ns and snap-discard-ns files from the current directory.

Successful exploitation of this vulnerability allows any unprivileged user to obtain root privileges on the vulnerable host. Qualys security researchers were able to independently verify the vulnerability, develop an exploit, and obtain full root privileges on default Ubuntu installations.

As soon as the Qualys research team confirmed the vulnerability, we engaged in responsible disclosure and coordinated with the vendor and open source distributions to announce this newly discovered vulnerability.

The second vulnerability is caused by a race condition and can be exploited in the default Ubuntu desktop configuration. For the exploit to succeed on Ubuntu Server, one of the packages from the "Featured Server Snaps" section must have been selected during installation.

The race condition shows up in the setup_private_mount() function, which is called while preparing the mount namespace for the snap package. This function creates a temporary directory "/tmp/snap.$SNAP_NAME/tmp", or reuses an existing one, to bind-mount the snap package's directories into it.

Since the name of the temporary directory is predictable, an attacker can replace its contents with a symbolic link after the owner check but before the mount system call. For example, one can create a symlink "/tmp/snap.lxd/tmp" in the /tmp/snap.lxd directory pointing to an arbitrary directory, and the mount() call will follow the symlink and mount that directory into the namespace.

In the same way, one can mount one's own contents into /var/lib and, by overriding /var/lib/snapd/mount/snap.snap-store.user-fstab, arrange for one's own /etc directory to be mounted into the snap package's namespace so that a chosen library is loaded at root startup by substituting /etc/ld.so.preload.

It is worth noting that building the exploit turned out to be a non-trivial task, since the snap-confine utility is written using secure programming techniques (snapd is written in Go, but C is used for snap-confine), is protected by AppArmor profiles, filters system calls with seccomp, and uses a mount namespace for isolation.

Nevertheless, the researchers managed to prepare a working exploit that obtains root access on the system. The exploit code will be released a few weeks after the fix, once users have had time to install the update.

Finally, it is worth mentioning that the problems were fixed in the snapd package update for Ubuntu versions 21.10, 20.04 and 18.04.

For other distributions that use Snap, Snapd 2.54.3 has been released, which, in addition to the problems above, fixes another vulnerability (CVE-2021-4120) that allows, when installing specially crafted plugin packages, arbitrary AppArmor rules to be defined and the access restrictions set for the package to be bypassed.
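As an added example (not code from the article, from Qualys, or from the snapd project), the following shell check looks for the two mitigations the article names: a snapd at or above the fixed 2.54.3 release and fs.protected_hardlinks set to 1. The function names and the report layout are my own assumptions; the script only reads values and changes nothing.

```shell
#!/bin/sh
# Added example: check the mitigations named in the article.
# FIXED_SNAPD (2.54.3) and fs.protected_hardlinks come from the text;
# all function names below are assumptions of this example.
FIXED_SNAPD="2.54.3"

# version_lt A B -> succeeds if dotted version A sorts before B.
# Numeric per-field sort, so 2.54.10 is newer than 2.54.3; a suffix
# such as "+22.04" is ignored by the numeric comparison.
version_lt() {
    [ "$1" = "$2" ] && return 1
    first=$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n1)
    [ "$first" = "$1" ]
}

# snapd_needs_update VERSION -> succeeds if VERSION predates the fix.
snapd_needs_update() {
    version_lt "$1" "$FIXED_SNAPD"
}

# hardlinks_protected VALUE -> succeeds if fs.protected_hardlinks is on,
# which blocks the hard-link variant (CVE-2021-44730) even on old snapd.
hardlinks_protected() {
    [ "$1" = "1" ]
}

# report: reads live values where available and prints a verdict.
report() {
    if command -v snap >/dev/null 2>&1; then
        v=$(snap version 2>/dev/null | awk '$1=="snapd"{print $2}')
        case "$v" in
            [0-9]*)
                if snapd_needs_update "$v"; then
                    echo "snapd $v predates $FIXED_SNAPD: update snapd"
                else
                    echo "snapd $v includes the fixes"
                fi ;;
            *) echo "could not determine snapd version" ;;
        esac
    else
        echo "snap not installed: snap-confine is not present"
    fi
    if [ -r /proc/sys/fs/protected_hardlinks ]; then
        h=$(cat /proc/sys/fs/protected_hardlinks)
        if hardlinks_protected "$h"; then
            echo "fs.protected_hardlinks=1: hard-link attack blocked"
        else
            echo "fs.protected_hardlinks=$h: set it to 1"
        fi
    fi
}

report
```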

If you are interested in learning more about it, you can check the details at the following link.
