Vulnerability discovered in oath-toolkit that allows gaining root privileges


A few days ago, news was released of a critical vulnerability, registered as CVE-2024-47191, in the pam_oath PAM module of the oath-toolkit package, which is used for two-factor authentication with one-time passwords (OTP).

The vulnerability arises from the way the pam_oath module handles OATH key files. Originally, these files were stored in /etc/users.oath, accessible only to the root user. However, as of version 2.6.7, an option was added that lets users keep these files in their home directories.

This "small change" allowed unprivileged users to manage their own key files, but pam_oath did not adjust its privileges when accessing these files and kept using unsafe operations that assumed the files were in a protected directory. It is worth noting that the vulnerability only affects configurations that allow key files to be stored in home directories, such as when PAM is configured.

The problem is that pam_oath updates the key file after every successful authentication to prevent reuse of the same one-time password. This process involves creating a lock file, writing the updated contents to a temporary file with a .new extension, and then replacing the original file with the new one. However, this .new file is created and written by a process with root privileges, while its prior existence and safety are not properly verified.

The attack requires the "usersfile" setting to have a file or path component located in an unsafe location. The common configuration with a read- and write-protected usersfile=/etc/users.oath is not at risk.

It is noted that when the key files live in a system directory, this procedure causes no problems. With support for users' home directories, however, a vulnerability is introduced, since an attacker can create a symbolic link named oath.secrets.new that points to any file on the system. As a result, on successful authentication that system file can be overwritten, potentially giving the attacker root access.

We decided to develop a patch that takes into account as many use cases as possible, ensuring overall functionality while maintaining backward compatibility. With the patch, the usersfile path is safely traversed using the * family of system calls. Privileges will be dropped to the owner of the usersfile as an additional security measure. The locking mechanism has been fixed to cover all usersfile accesses.

The report describing the vulnerability also notes that, to exploit it, an attacker can create a symbolic link that points to the /etc/shadow file, which stores sensitive information about system passwords. After a successful authentication through pam_oath, the /etc/shadow file will have been overwritten with the attacker's OATH key entry. In addition, pam_oath will match the permissions and ownership of /etc/shadow to those of the users.oath file, meaning the /etc/shadow file will become owned by the attacking user. With this access, the attacker can modify /etc/shadow to create root login credentials, thereby gaining full control of the system.

The patch uses Linux-specific features (for example, linking files from /proc/self/fd), so it no longer works on non-Linux systems. The patch description and code comments contain further pointers about the individual decisions made in this patch.
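The unchecked `.new` write described above, next to a hardened form, as an added example that is not code from oath-toolkit or its patch. The function names, the `openat`/`renameat` flags chosen here, and the temp-directory scenario are assumptions made for illustration; the real fix also drops privileges and reworks locking, which this sketch leaves out.

```c
/* Added example: constructed demo, not oath-toolkit code. Names are hypothetical. */
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
/* Pre-fix pattern: a plain open() follows a symlink planted at "<name>.new". */
int unsafe_update(const char *dir, const char *name, const char *data) {
    char tmp[512];
    snprintf(tmp, sizeof tmp, "%s/%s.new", dir, name);
    int fd = open(tmp, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0) return -1;
    ssize_t n = write(fd, data, strlen(data));
    close(fd);
    return n < 0 ? -1 : 0;
}
/* Hardened: resolve via a directory fd; O_EXCL|O_NOFOLLOW refuse planted entries. */
int safe_update(int dirfd, const char *name, const char *data) {
    char tmp[256];
    snprintf(tmp, sizeof tmp, "%s.new", name);
    int fd = openat(dirfd, tmp, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0) return -1;                 /* EEXIST if something was planted */
    int ok = write(fd, data, strlen(data)) >= 0 && fsync(fd) == 0;
    close(fd);
    if (ok && renameat(dirfd, tmp, dirfd, name) == 0) return 0;
    unlinkat(dirfd, tmp, 0);
    return -1;
}
/* Constructed scenario: users.oath.new -> victim. 1 = victim intact, 0 = overwritten. */
int victim_survives(int hardened) {
    char dir[] = "/tmp/oathdemoXXXXXX", buf[16] = {0};
    if (!mkdtemp(dir)) return -1;
    int d = open(dir, O_RDONLY | O_DIRECTORY);
    int v = openat(d, "victim", O_WRONLY | O_CREAT, 0600);
    if (write(v, "KEEP", 4) != 4 || symlinkat("victim", d, "users.oath.new")) return -1;
    close(v);
    if (hardened) safe_update(d, "users.oath", "OTP-STATE");
    else unsafe_update(dir, "users.oath", "OTP-STATE");
    v = openat(d, "victim", O_RDONLY);
    ssize_t n = read(v, buf, sizeof buf - 1);
    close(v);
    unlinkat(d, "users.oath.new", 0); unlinkat(d, "victim", 0); close(d); rmdir(dir);
    return n == 4 && strcmp(buf, "KEEP") == 0;
}
int main(void) {
    printf("unsafe=%d hardened=%d\n", victim_survives(0), victim_survives(1));
    return 0;
}
```

Everything happens inside a private directory created by `mkdtemp`, so the demo touches no system files and needs no privileges.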

Finally, if you want to learn more about it, you should know that the vulnerability appeared in version 2.6.7 and was fixed in version 2.6.12. As for patch information and security updates, you can follow the process in the various distributions, such as Debian, Ubuntu, RHEL, SUSE/openSUSE, and Arch.

