腾讯云上报 Redis 沙盒逃逸漏洞(CVE-2022-0543),参考报告:Debian Bug report logs - #1005787 redis: CVE-2022-0543

Found in versions redis/5:5.0.14-1+deb10u1, redis/5:5.0.3-4, redis/5:6.0.15-1

Fixed in versions redis/5:6.0.16-1+deb11u2, redis/5:5.0.14-1+deb10u2, redis/5:6.0.16-2, redis/5:7.0~rc2-2

影响版本:redis version less than 5:5.0.7-2ubuntu0.1

查看相关 ubuntu 服务器 redis 版本:

> redis-server -v

Redis server v=5.0.7 sha=00000000:0 malloc=jemalloc-5.2.1 bits=64 build=66bd629f924ac924
Bash
Copy

即需要对 Redis 升级到新版本。官方提供了修复指令:

> sudo apt-get -y install redis --only-upgrade

Reading package lists... Done
Building dependency tree       
Reading state information... Done
Skipping redis, it is not installed and only upgrades are requested.
The following packages were automatically installed and are no longer required:
  ...
Use 'sudo apt autoremove' to remove them.
0 upgraded, 0 newly installed, 0 to remove and 302 not upgraded.
Bash
Copy

再此查看 redis 版本,并没有升级成功。网上查到一篇 Ubuntu 安装 Redis,主要参考其中的 方法2:先更新APT repository再安装,也即是 Redis 官网提供方法

先决条件

如果运行的是低版本的 debain 发行版本,需要先执行:

sudo apt install lsb-release curl gpg
Bash
Copy

更新 apt repository 再安装

curl -fsSL https://packages.redis.io/gpg | sudo gpg --dearmor -o /usr/share/keyrings/redis-archive-keyring.gpg

echo "deb [signed-by=/usr/share/keyrings/redis-archive-keyring.gpg] https://packages.redis.io/deb $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/redis.list

sudo apt-get update
sudo apt-get install redis
Bash
Copy

再次查看版本:

> redis-server -v

Redis server v=7.0.12 sha=00000000:0 malloc=jemalloc-5.2.1 bits=64 build=d706905cc5f560c1
Bash
Copy

升级会提示使用新版本,还是原来版本,测试选择 N 或 O 不会修改原来 redis 的配置,如密码

安装过程中报错 Package redis-server is not configured yet

dpkg: error processing package redis-server (--configure):
 installed redis-server package post-installation script subprocess returned error exit status 1
dpkg: dependency problems prevent configuration of redis:
 redis depends on redis-server (<< 6:7.0.12-1rl1~focal1.1~); however:
  Package redis-server is not configured yet.
 redis depends on redis-server (>= 6:7.0.12-1rl1~focal1); however:
  Package redis-server is not configured yet.

dpkg: error processing package redis (--configure):
 dependency problems - leaving unconfigured
Errors were encountered while processing:
 redis-server
 redis
E: Sub-process /usr/bin/dpkg returned an error code (1)
Bash
Copy

中间有一台设备出现了这个报错,不管使用 apt 安装什么软件都会提示 redis-server 存在问题。也有参考网上的教程去配置 ipv6 启用,或者修改 bind 127.0.0.1 配置文件的,但都不起作用。

因为这台设备属于测试站,所以干脆直接卸载软件:

apt-get remove redis-server
apt-get remove redis
Bash
Copy

因为不确定包名,所以执行了 redis 和 redis-server 的卸载。然后安装上面的更新 apt 源再安装。

若遇到报错 Package redis-server is not configured yet 且怎么样重新安装都不起作用

熟话说的好呀,夜路走多了,容易遇见鬼。这经常这么删除再重新安装,删除再重新安装,然后就遇到了一直都安装不了,一直报错的情况。

首先 sudo apt-get install redis 其实安装了 redis-serverredis-cli,并且还有一个 redis 的系统服务。不管是卸载还是安装 redis 时,都应该先把 redis 关闭: service redis stop 之后再操作。

在卸载干净之后,安装过程中报错:

> service redis status
● redis-server.service - LSB: redis-server - Persistent key-value db
     Loaded: loaded (/etc/init.d/redis-server; generated)
     Active: inactive (dead) since Thu 2023-08-03 10:49:46 CST; 9s ago
       Docs: man:systemd-sysv-generator(8)
    Process: 2967516 ExecStart=/etc/init.d/redis-server start (code=exited, status=0/SUCCESS)
    Process: 2972824 ExecStop=/etc/init.d/redis-server stop (code=exited, status=0/SUCCESS)

Aug 03 10:44:21 ~ systemd[1]: Starting LSB: redis-server - Persistent key-value db...
Aug 03 10:44:21 ~ systemd[1]: Started LSB: redis-server - Persistent key-value db.
Aug 03 10:49:46 ~ systemd[1]: Stopping LSB: redis-server - Persistent key-value db...
Aug 03 10:49:46 ~ systemd[1]: redis-server.service: Succeeded.
Aug 03 10:49:46 ~ systemd[1]: Stopped LSB: redis-server - Persistent key-value db.
> sudo apt-get install redis
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following additional packages will be installed:
  redis-server
The following NEW packages will be installed:
  redis redis-server
0 upgraded, 2 newly installed, 0 to remove and 423 not upgraded.
Need to get 0 B/129 kB of archives.
After this operation, 251 kB of additional disk space will be used.
Do you want to continue? [Y/n] Y
Selecting previously unselected package redis-server.
(Reading database ... 84086 files and directories currently installed.)
Preparing to unpack .../redis-server_6%3a7.0.12-1rl1~focal1_amd64.deb ...
Unpacking redis-server (6:7.0.12-1rl1~focal1) ...
Selecting previously unselected package redis.
Preparing to unpack .../redis_6%3a7.0.12-1rl1~focal1_all.deb ...
Unpacking redis (6:7.0.12-1rl1~focal1) ...
Setting up redis-server (6:7.0.12-1rl1~focal1) ...
Job for redis-server.service failed because the service did not take the steps required by its unit configuration.
See "systemctl status redis-server.service" and "journalctl -xe" for details.
invoke-rc.d: initscript redis-server, action "start" failed.
● redis-server.service - Advanced key-value store
     Loaded: loaded (/lib/systemd/system/redis-server.service; enabled; vendor preset: enabled)
     Active: activating (auto-restart) (Result: protocol) since Thu 2023-08-03 10:50:19 CST; 5ms ago
       Docs: http://redis.io/documentation,
             man:redis-server(1)
    Process: 2973493 ExecStart=/usr/bin/redis-server /etc/redis/redis.conf (code=exited, status=0/SUCCESS)
   Main PID: 2973493 (code=exited, status=0/SUCCESS)
dpkg: error processing package redis-server (--configure):
 installed redis-server package post-installation script subprocess returned error exit status 1
dpkg: dependency problems prevent configuration of redis:
 redis depends on redis-server (<< 6:7.0.12-1rl1~focal1.1~); however:
  Package redis-server is not configured yet.
 redis depends on redis-server (>= 6:7.0.12-1rl1~focal1); however:
  Package redis-server is not configured yet.

dpkg: error processing package redis (--configure):
 dependency problems - leaving unconfigured
No apport report written because the error message indicates its a followup error from a previous failure.
                                                                                                          Processing triggers for man-db (2.9.1-1) ...
Processing triggers for systemd (245.4-4ubuntu3.1) ...
Errors were encountered while processing:
 redis-server
 redis
E: Sub-process /usr/bin/dpkg returned an error code (1)
> systemctl status redis-server.service
● redis-server.service - Advanced key-value store
     Loaded: loaded (/lib/systemd/system/redis-server.service; enabled; vendor preset: enabled)
     Active: failed (Result: protocol) since Thu 2023-08-03 10:50:21 CST; 45s ago
       Docs: http://redis.io/documentation,
             man:redis-server(1)
    Process: 2973762 ExecStart=/usr/bin/redis-server /etc/redis/redis.conf (code=exited, status=0/SUCCESS)
   Main PID: 2973762 (code=exited, status=0/SUCCESS)

Aug 03 10:50:21 ~ systemd[1]: redis-server.service: Scheduled restart job, restart counter is at 8.
Aug 03 10:50:21 ~ systemd[1]: Stopped Advanced key-value store.
Aug 03 10:50:21 ~ systemd[1]: redis-server.service: Start request repeated too quickly.
Aug 03 10:50:21 ~ systemd[1]: redis-server.service: Failed with result 'protocol'.
Aug 03 10:50:21 ~ systemd[1]: Failed to start Advanced key-value store.
Log
Copy

前面是安装 redis,后面则是查看 redis 服务。redis 版本已经升级好了,但这个 redis 服务却一直启动不起来。

经历了一段时间的推敲、寻觅,终于试出了一种可以解决当前问题的方法:Redis not starting with systemctl。里面问答里提到修改 redis 配置文件 /etc/redis/redis.conf,找到 supervised no 项,修改为 supervised systemd

没有太理解 systemctl 方式启动是不是就是 service 方式启动,但修改后再启动服务 service redis restart 确实成功了。观察到其他两台服务器安装后也都有 redis 服务(默认安装的),且一台设置为 auto,另一台设置为 no 也没有出现当前的问题,所以暂时不确定什么因素造车了当前的这种情况。