Ukuba sengozini kwe-PolKit kuvumele ukufinyelela kwezimpande ukuthi kutholwe ekusabalazweni okuningi kwe-Linux

Darkcrizt

Imizuzu ye-4

Muva nje Izimfanelo wakhipha izindaba ukuthi ikhombe ubungozi (I-CVE-2021-4034) en ingxenye yesistimu i-polkit (ngaphambilini okwakuyi-PolicyKit), esetshenziswa ekusabalaliseni ukuze kuvunyelwe abasebenzisi abangenamalungelo ukuthi benze izenzo ezidinga amalungelo okufinyelela aphakeme.

Ukuba sengozini ivumela umsebenzisi wendawo ongenamalungelo ukuthi akhuphule amalungelo akhe kumsebenzisi wempande futhi uthole ukulawula okugcwele phezu kwesistimu. Inkinga ibizwa nge-codenamed PwnKit futhi iphawuleka ngokukhiqiza ukuxhashazwa okusebenzayo okusebenza kuzilungiselelo ezizenzakalelayo ekusabalazweni okuningi kwe-Linux.

Kushiwo lokho inkinga ikhona kusisetshenziswa se-pkexec esifakwe ne-PolKit, eliza nefulegi lempande ye-SUID futhi iklanyelwe ukusebenzisa imiyalo ngamalungelo abanye abasebenzisi ngokuya ngemithetho ye-PolKit.

Ngenxa yokuphathwa kabi kwezimpikiswano kusuka kumugqa womyalo odluliselwe ku-pkexec, a umsebenzisi ongenalo ilungelo angadlula ukuqinisekiswa futhi enze ikhodi yakho isebenze njengempande, ngaphandle kwemithetho yokufinyelela emisiwe. Ngokuhlasela, kungakhathaliseki ukuthi yiziphi izilungiselelo nemikhawulo ebekwe ku-PolKit, kwanele ukuthi isibaluli sempande ye-SUID yefayela elisebenzisekayo sisethwe ngesisetshenziswa se-pkexec.

I-Pkexec ayihloli ukulunga kwesibalo sama-agumenti womugqa womyalo (argc) esidluliselwe lapho kuqalwa inqubo. Onjiniyela be-pkexec bacabange ukuthi ukufakwa kokuqala ohlwini lwe-arrgv kuhlala kuqukethe igama lenqubo (pkexec), futhi ukufakwa kwesibili kungu-NULL noma igama lomyalo owenziwe nge-pkexec.

Njengoba isibalo sokungqubuzana singazange siqhathaniswe nokuqukethwe kwangempela kwamalungu afanayo futhi kwakucatshangwa ukuthi ngaso sonke isikhathi sikhulu kuno-1, uma uhlu lwe-arrgv olungenalutho ludluliselwe kunqubo, umsebenzi we-Linux oyivumelayo, i-pkexec iphathe NULL njengengxabano yokuqala ( inqubo name), kanye nelandelayo ngemva kokuphuma kumemori yesigcinalwazi, njengokuqukethwe kwamalungu afanayo okulandelayo.

Inkinga ukuthi ngemva kohlu lwe-argv kumemori uhlelo lwe-envp oluqukethe okuguquguqukayo kwemvelo. Ngakho-ke, ngohlelo lwe-argv olungenalutho, i-pkexec ikhipha idatha mayelana nomyalo owenziwe ngamalungelo aphakeme kusukela kusici sokuqala samalungu afanayo nokuguquguquka kwemvelo (argv[1] ifane ne-envp[0]), okuqukethwe kwayo kungalawulwa ngu umhlaseli.

Ngemva kokuthola inani elithi argv[1], i-pkexec izama ukunquma indlela egcwele eya efayeleni elisebenzisekayo isebenzisa imizila yefayela ku-PATH futhi ibhala isikhombi entanjeni ngendlela egcwele ebuyela ku-arrgv[1], okuholela ekubhaleni phezu kwevelu. yokuguquguquka kokuqala kwendawo, njengoba i-argv[1] ifana ne-envp[0]. Ngokukhohlisa igama lokuhluka kwemvelo kokuqala, umhlaseli angashintsha enye indawo eguquguqukayo ku-pkexec, isibonelo, amiselele "LD_PRELOAD" imvelo eguquguqukayo, engavunyelwe ezinhlelweni ze-suid, futhi enze inqubo ilayishe ilabhulali yayo eyabiwe ngenkathi kuqhubeka inqubo. .

Inzuzo yokusebenza isebenzisa i-GCONV_PATH yokushintshashintsha, esetshenziselwa ukunquma indlela eya kulabhulali yokudlulisa amakhodi yophawu elayishwa ngamandla uma umsebenzi we-g_printerr() ubizwa, esebenzisa iconv_open() kukhodi yawo.

Ngokuchaza kabusha indlela ku-GCONV_PATH, umhlaseli angakwazi ukulayisha hhayi ilabhulali ye-iconv evamile, kodwa umtapo wolwazi wakhe, abashayeli bayo abazosetshenziswa ngesikhathi somlayezo wephutha esigabeni lapho i-pkexec isasebenza njengempande nangaphambi kokuqinisekiswa kokuqala. izimvume.

Kuyabonakala ukuthi, nakuba inkinga ibangelwa ukonakala kwenkumbulo, ingaxhashazwa ngokuthembekile nangokuphindaphindiwe, kungakhathaliseki ukuthi i-hardware ye-architecture esetshenzisiwe.

Ukuxhashazwa kulungiselelwe ihlolwe ngempumelelo ku-Ubuntu, i-Debian, i-Fedora ne-CentOS, kodwa futhi ingasetshenziswa kokunye ukusatshalaliswa. Ukuxhashazwa kwangempela akukakatholakali esidlangalaleni, okubonisa ukuthi kuyinto encane futhi ingaphinda yenziwe kalula ngabanye abacwaningi, ngakho-ke kubalulekile ukufaka isibuyekezo se-hotfix ngokushesha ngangokunokwenzeka kumasistimu wabasebenzisi abaningi.

I-Polkit iyatholakala futhi kuzinhlelo ze-BSD ne-Solaris, kodwa ayikahlolisiswa ukuze isetshenziswe. Okwaziwayo ukuthi ukuhlasela akukwazi ukwenziwa ku-OpenBSD, njengoba i-OpenBSD kernel ingakuvumeli ukudlulisa inani le-argc elingenalutho lapho ubiza i-execve().

Inkinga ibilokhu ikhona kusukela ngoMeyi 2009 lapho umyalo we-pkexec wengezwa. Ukulungiswa kokuba sengozini ku-PolKit kusatholakala njengesichibi (inguqulo yokulungisa ayikakhiwe), kodwa njengoba abathuthukisi bokusabalalisa baziswe ngenkinga kusengaphambili, ukusabalalisa okuningi kukhiphe isibuyekezo ngesikhathi esifanayo. kunokudalula yolwazi lokuba sengozini.

Okokugcina uma unesifiso sokwazi okwengeziwe ngakho, ungabheka imininingwane ku- isixhumanisi esilandelayo.


Shiya umbono wakho

Ikheli lakho le ngeke ishicilelwe. Ezidingekayo ibhalwe nge *

*

*

  1. Ubhekele imininingwane: Miguel Ángel Gatón
  2. Inhloso yedatha: Lawula Ugaxekile, ukuphathwa kwamazwana.
  3. Ukusemthethweni: Imvume yakho
  4. Ukuxhumana kwemininingwane: Imininingwane ngeke idluliselwe kubantu besithathu ngaphandle kwesibopho esisemthethweni.
  5. Isitoreji sedatha: Idatabase ebanjwe yi-Occentus Networks (EU)
  6. Amalungelo: Nganoma yisiphi isikhathi ungakhawulela, uthole futhi ususe imininingwane yakho.