Munguva pfupi yapfuura Qualy's akaburitsa nhau kuti yakaratidza kusagadzikana (CVE-2021-4034) en chikamu chehurongwa polkit (yaimbova PolicyKit), iyo inoshandiswa mukugovera kubvumira vashandisi vasina rombo rakanaka kuita zviito zvinoda kodzero dzepamusoro dzekuwana.
Kunetseka inobvumira mushandisi wemuno asina kurongeka kukwidziridza kodzero dzavo kune mudzi mushandisi uye kuwana kutonga kwakazara pamusoro pehurongwa. Iyo nyaya ndeye codenamed PwnKit uye yakakosha pakugadzira basa rekushandisa iro rinomhanya mumagadzirirwo akasarudzika pane akawanda Linux kugovera.
Izvo zvinotaurwa kuti dambudziko riripo mu pkexec utility inosanganisirwa nePolKit, iyo inouya neSUID mudzi mureza uye yakagadzirirwa kumhanyisa mirairo neropafadzo dzevamwe vashandisi maererano nemitemo yePolKit.
Nekuda kwekutadza kubata nharo kubva pamutsetse wekuraira wakapfuudzwa kupkexec, a mushandisi asina rombo anogona kupfuura kusimbiswa uye kuita kuti kodhi yako ishande semudzi, pasinei nemitemo yakasimbiswa yekuwana. Nekuda kwekurwiswa, zvisinei kuti ndezvipi zvigadziriso uye zvirambidzo zvakaiswa muPolKit, zvakakwana kuti iyo SUID mudzi hunhu hwefaira rinogoneka yakaiswa ne pkexec utility.
Pkexec haitarise kurongeka yekuverenga yekuraira mutsara nharo (argc) yakapfuura paunotanga maitiro. Vagadziri ve pkexec vakafunga kuti yekutanga yekupinda mu argv array inogara ine zita rekuita (pkexec), uye yechipiri yekupinda ingave NULL kana zita remurairo wakaitwa kuburikidza ne pkexec.
Sezvo iyo nharo kuverenga haina kuenzaniswa nezviri mukati chaimo uye yaifungidzirwa kuti inogara yakakura kupfuura 1, kana isina argv array yakapfuudzwa kune iyo maitiro, iyo Linux's execve function inobvumira, pkexec yakabata NULL senharo yekutanga ( process. zita), uye inotevera mushure mekunze kwebuffer memory, senge inotevera array yemukati.
Dambudziko nderekuti mushure meiyo argv array mundangariro ndiyo envp array ine nharaunda inosiyana. Saka, neine argv array isina chinhu, pkexec inobvisa iyo data pamusoro pemurairo uri kuurayiwa neropafadzo dzakakwirira kubva pachinhu chekutanga chegadziriro nemamiriro ezvinhu akasiyana-siyana (argv[1] yakafanana ne envp[0]), ine zvinyorwa zvinogona kudzorwa ne. murwisi.
Mushure mekugamuchira kukosha argv[1], pkexec inoedza kuona nzira yakazara yefaira rinoshandiswa uchishandisa nzira dzefaira muPATH uye inonyora chinongedzo kune tambo nenzira yakazara yekudzokera ku argv[1], iyo inotungamira pakupeta kukosha. yekutanga kushanduka kwenzvimbo zvakare, sezvo argv[1] yakafanana neenvp[0]. Nekushandisa zita reiyo yekutanga nharaunda shanduko, anorwisa anogona kutsiva imwe nharaunda inoshanduka mu pkexec, semuenzaniso, kutsiva iyo "LD_PRELOAD" nharaunda inoshanduka, isingabvumirwe muzvirongwa zve suid, uye kuita kuti hurongwa hutakure raibhurari yayo yakagovaniswa mukuita. .
Iko kushanda kwekushandisa kunoshandisa GCONV_PATH chinja chinotsiva, iyo inoshandiswa kuona nzira inoenda kuraibhurari yechiratidzo transcoding iyo inotakurwa zvine simba kana g_printerr () basa ranzi, iro rinoshandisa iconv_open () mukodhi yayo.
Nekutsanangudza nzira iri muGCONV_PATH, anorwisa anogona kukwanisa kurodha kwete yakajairwa iconv raibhurari, asi raibhurari yake, ine vatyairi vanozourayiwa panguva yekukanganisa meseji padanho apo pkexec ichiri kushanda semudzi uye isati yaongororwa mvumo yekutanga.
Zvinoonekwa kuti, kunyangwe dambudziko riripo nekuda kwekuora kwendangariro, rinogona kushandiswa zvakavimbika uye richidzokororwa, pasinei nekugadzirwa kwe hardware inoshandiswa.
Kushandisa kwakagadzirirwa yakabudirira kuedzwa paUbuntu, Debian, Fedora uye CentOS, asi inogonawo kushandiswa pane mamwe magove. Iko kushandiswa kwepakutanga kusati kwave kuwanika pachena, zvichiratidza kuti hazvina maturo uye zvinogona kugadziriswa nyore nyore nevamwe vatsvakurudzi, saka zvakakosha kuisa hotfix update nokukurumidza sezvinobvira pane-multi-user systems.
Polkit inowanikwawo kuBSD neSolaris masisitimu, asi haina kuongororwa kuti ishandiswe. Chii chinozivikanwa ndechekuti kurwiswa hakugone kuitwa paOpenBSD, sezvo OpenBSD kernel isingatenderi kupfuudza null argc kukosha pakufona execve ().
Dambudziko ravepo kubva muna Chivabvu 2009 pakawedzerwa pkexec command. Kugadziriswa kwekusagadzikana muPolKit kuchiri kuwanikwa sechigamba (iyo vhezheni yegadziriso haisati yaumbwa), asi sezvo vagadziri vekugovera vakaziviswa nezve dambudziko pachine nguva, kugovera kwakawanda kwakaburitsa update panguva imwe chete. yeruzivo rwekusagadzikana.
Finalmente kana iwe uchifarira kuziva zvakawanda nezvazvo, unogona kutarisa ruzivo mu chinotevera chinongedzo.