PolKit vulnerability allows root access to be obtained on most Linux distributions

Qualys recently reported that it had identified a vulnerability (CVE-2021-4034) in the polkit system component (formerly PolicyKit), which distributions use to allow unprivileged users to perform actions that require elevated access privileges.

The vulnerability allows an unprivileged local user to escalate their privileges to the root user and gain full control of the system. The issue is codenamed PwnKit and is notable in that a working exploit was produced that runs in the default configuration of most Linux distributions.

The problem lies in the pkexec utility included with PolKit, which ships with the SUID root flag set and is designed to run commands with the privileges of other users according to PolKit rules.

Because of incorrect handling of the command-line arguments passed to pkexec, an unprivileged user can bypass authentication and have their code executed as root, regardless of the access rules in place. For the attack it does not matter what settings and restrictions are configured in PolKit; it is enough that the SUID root attribute is set on the pkexec executable file.

Pkexec does not validate the command-line argument count (argc) passed when the process is started. The pkexec developers assumed that the first entry of the argv array always contains the program name (pkexec), and that the second entry is either NULL or the name of the command run via pkexec.

Since the argument count was never compared against the actual contents of the array and was assumed to always be greater than 1, if an empty argv array is passed to the process, which the Linux execve function allows, pkexec treats NULL as the first argument (the program name) and whatever follows it in memory, past the end of the buffer, as the rest of the array.

The problem is that the argv array is immediately followed in memory by the envp array holding the environment variables. So with an empty argv array, pkexec takes the command to be executed with elevated privileges from the first element of the environment array (argv[1] is the same memory as envp[0]), whose contents are controlled by the attacker.

Having obtained the argv[1] value, pkexec tries to determine the full path of the executable by searching the directories in PATH and writes a pointer to the full-path string back into argv[1], which also overwrites the value of the first environment variable, since argv[1] is the same as envp[0]. By manipulating the name of that first environment variable, an attacker can substitute another variable into pkexec, for example the "LD_PRELOAD" environment variable, which is not allowed for suid programs, and have the program load a shared library into the process.
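The argc/envp aliasing described above, as an added illustration written for this article (it is a model, not pkexec's own code): a constructed argv/envp layout with argc set to 0 shows that an unchecked read of argv[1] returns the first environment entry, while the argc check that the fix adds refuses to continue.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Model of the original pkexec behaviour: the command word is read from
 * argv[1] without ever consulting argc.  Illustrative, not pkexec code. */
static const char *pick_command_unchecked(int argc, char **argv)
{
    int n = 1;          /* index of the first word after the program name */
    (void)argc;         /* the count is never checked */
    return argv[n];     /* with argc == 0 this slot is envp[0] */
}

/* Hardened variant: refuse when the kernel handed over an empty argv,
 * so argv[1] can never alias the environment array. */
static const char *pick_command_checked(int argc, char **argv)
{
    if (argc < 1 || argv[0] == NULL)
        return NULL;    /* the real fix prints an error and exits here */
    return argv[1];
}

/* Lay out argv and envp back to back in one array, as the kernel places
 * them on the process stack: an empty argv is only its NULL terminator and
 * envp starts in the very next slot.  Constructed sample, not a real image. */
const char *first_word_seen_by(const char *(*picker)(int, char **))
{
    char *vec[] = { NULL, "EXAMPLE_VAR=first-env-entry", NULL };
    return picker(0, vec);   /* argc == 0, argv points at the lone NULL */
}

int main(void)
{
    const char *u = first_word_seen_by(pick_command_unchecked);
    const char *c = first_word_seen_by(pick_command_checked);
    printf("unchecked sees: %s\n", u ? u : "(null)");  /* environment entry */
    printf("checked sees:   %s\n", c ? c : "(null)");  /* refused */
    return 0;
}
```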

The working exploit substitutes the GCONV_PATH variable, which defines the path to the character-set conversion library that is loaded dynamically when the g_printerr() function is called, since that function uses iconv_open() in its code.

By redefining the path in GCONV_PATH, the attacker can cause not the normal iconv library but their own library to be loaded, and its handlers are executed while an error message is being printed, at a stage where pkexec is still running as root and before permissions have been verified.

It is noted that, although the problem is caused by memory corruption, it can be exploited reliably and repeatedly, regardless of the hardware architecture in use.

The prepared exploit was tested successfully on Ubuntu, Debian, Fedora and CentOS, but it may also work on other distributions. The original exploit has not yet been made public, which suggests that it is trivial and can easily be recreated by other researchers, so it is important to install the hotfix update as soon as possible on multi-user systems.

Polkit is also available for BSD systems and Solaris, but it has not been checked whether it is exploitable there. What is known is that the attack cannot be carried out on OpenBSD, because the OpenBSD kernel does not allow a null argc value to be passed when calling execve().

The problem has existed since May 2009, when the pkexec command was added. The fix for the PolKit vulnerability is so far only available as a patch (no fixed release has been published), but since distribution developers were notified of the problem in advance, most distributions released the update at the same time as the vulnerability information was disclosed.

Finally, if you are interested in learning more about it, you can check the details at the following link.
