Vulnerability found in xterm that leads to code execution

Vulnerability

If exploited, these flaws can allow attackers to gain unauthorized access to sensitive information or generally cause problems.

News recently broke that a vulnerability was found in the xterm terminal emulator (already cataloged as CVE-2022-45063). The issue allows shell commands to be executed when certain escape sequences are processed in the terminal.

The problem is reported to be caused by an error in the processing of escape code 50, which is used to set or get font options. If the requested font does not exist, the operation returns the font name specified in the request.

The problem is in the OSC 50 sequence, which is for configuring and querying the font. If a given font does not exist, it is not set, but a query will return the name that was set. Control characters cannot be included, but the response string can be terminated with ^G. This essentially gives us a primitive for echoing text back to the terminal and ending it with ^G.

Control characters cannot be inserted directly into the name, but the returned string can be terminated with the sequence "^G". In zsh, when vi-style line editing mode is active, this causes a list-expand operation to be performed, which can be used to execute commands without explicitly pressing the Enter key.

In the simplest case, an attack only requires that the contents of a specially crafted file be displayed on the screen, for example with the cat utility, or that a line be pasted from the clipboard.

Debian, Red Hat and others disable font operations by default, but users can re-enable them through an option or the configuration menu. Upstream xterm, moreover, does not disable them by default, so some distributions ship a vulnerable default configuration.

To exploit the vulnerability successfully, the user must be running the Zsh shell with the command-line editor (vi-cmd-mode) switched to "vi" mode, which is generally not the default in distributions.

Basically, we need:
zsh
vi-style line editing mode active
copy the trojan text to the clipboard
paste it into zsh

This can be done automatically; many sites alter text when it is copied to the clipboard. So I only use the selection buffer, which browsers do not access. Only in gtk3 and especially ff, where they constantly break for some reason, it is tiring.

The problem also does not appear when xterm is configured with allowWindowOps=false or allowFontOps=false. For example, allowFontOps=false is set on OpenBSD, Debian, and RHEL, but is not enforced by default on Arch Linux.

According to the changelog and the statement of the researcher who identified the issue, the vulnerability is fixed in xterm version 375, but according to other sources it still manifests in xterm 375 on Arch Linux.

This means that to exploit this vulnerability, the user needs to be using Zsh in vi line editing mode (usually via $EDITOR having "vi" in it). While somewhat obscure, this is not a totally unheard-of configuration.

In that configuration, something like:
printf "\e]50;i\$(touch /tmp/hack-like-its-1999)\a\e]50;?\a" > cve-2022-45063
cat cve-2022-45063 # or another way to deliver this to the victim
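
An added example, not from the original article or from xterm: a Python check that scans untrusted bytes for 7-bit OSC 50 sequences before they are shown in a terminal, and renders them inert in caret notation. The function names and the sample bytes (with a harmless font name) are constructed for illustration; 8-bit C1 forms of the sequence are not covered.

```python
import re

# OSC 50 (font set/query): ESC ] 50 ; <text>, ended by BEL or ST (ESC \).
OSC50 = re.compile(rb"\x1b\]50;([^\x07\x1b]*)(?:\x07|\x1b\\)")

def find_osc50(data: bytes):
    """Return (offset, kind, text) for each OSC 50 sequence in data."""
    hits = []
    for m in OSC50.finditer(data):
        text = m.group(1)
        kind = "query" if text.startswith(b"?") else "set"
        hits.append((m.start(), kind, text.decode("utf-8", "replace")))
    return hits

def has_set_then_query(hits) -> bool:
    """True if a font 'set' is later followed by a 'query', the pairing
    that makes xterm report the requested name back as terminal input."""
    seen_set = False
    for _, kind, _ in hits:
        if kind == "set":
            seen_set = True
        elif seen_set:
            return True
    return False

def caret_escape(data: bytes) -> str:
    """Make bytes safe to display: C0 controls and DEL in caret notation
    (as `cat -v` does), bytes >= 0x80 as \\xNN; newline and tab are kept."""
    out = []
    for b in data:
        if b in (0x09, 0x0A) or 0x20 <= b < 0x7F:
            out.append(chr(b))
        elif b < 0x20:
            out.append("^" + chr(b + 0x40))
        elif b == 0x7F:
            out.append("^?")
        else:
            out.append(f"\\x{b:02x}")
    return "".join(out)

# Constructed sample: a harmless font name in the set-then-query shape.
SAMPLE = b"notes.txt line 1\n\x1b]50;ExampleFontName\x07\x1b]50;?\x07line 2\n"

if __name__ == "__main__":
    hits = find_osc50(SAMPLE)
    for offset, kind, text in hits:
        print(f"offset {offset}: OSC 50 {kind} {text!r}")
    print("set-then-query pair:", has_set_then_query(hits))
    print(caret_escape(SAMPLE), end="")
```

A file or paste buffer that produces a set-then-query pair is worth inspecting with the escaped rendering rather than with cat.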

Finally, as always, users of affected systems are advised to keep their systems updated: once security vulnerabilities become known, developers must fix them, because much of how these flaws can be exploited is disclosed.

It is worth mentioning that font operations are not allowed in the default xterm settings of some Linux distributions, so not all distributions are prone to this bug. Those who want to follow the publication of fixes by distribution can do so on these pages: Debian, RHEL, Fedora, SUSE, Ubuntu, Arch Linux, OpenBSD, FreeBSD, NetBSD.

If you are interested in learning more about it, you can check the details at the following link.

