Report on the compromise of the PHP project's git repository and user database

The first results of the investigation into the incident involving two malicious commits found in the PHP project's Git repository, which activated a backdoor when a request arrived with a specially crafted User-Agent header, have been published. After analyzing the attackers' actions, it was concluded that the git.php.net server hosting the git repository had not been hacked; instead, the database containing the accounts of the project's developers had been compromised.

It is possible that the attackers were able to download the user database stored in the DBMS on the master.php.net server. The contents of master.php.net have already been migrated to a new main.php.net server installed from scratch. All developer passwords used to access php.net development resources have been reset, and the process of changing them through a dedicated password-recovery form has begun. The git.php.net and svn.php.net repositories remain read-only (development has moved to GitHub).

After the first malicious commit, made through the account of PHP founder Rasmus Lerdorf, was discovered, it was assumed that his account had been hacked, and Nikita Popov, one of the core PHP developers, reverted the changes and blocked the commit rights of the problem account. Some time later it became clear that the block was pointless: without commit verification using digital signatures, any contributor with access to the php-src repository could push a change under a forged author name.

After that, the attackers pushed a malicious commit on behalf of Nikita himself. By analyzing the logs of the gitolite service, which is used to manage access to the repositories, an attempt was made to determine which contributor had actually made the changes. Even though logging of all performed operations was enabled, there were no log entries for the two malicious changes. It became clear that the infrastructure had been compromised, since the commits had been added directly, bypassing the connection through gitolite.

The git.php.net server was quickly shut down, and the primary repository was moved to GitHub. In the rush, it was forgotten that, besides SSH access via gitolite, there was another entry point that allowed changes to be pushed to the repository over HTTPS. In that path, git-http-backend was used to interact with Git, and authentication was handled by the Apache2 HTTP server, which verified credentials by looking them up in the data stored in the DBMS on the master.php.net server. Login was allowed not only with a key but also with a plain password. Analysis of the HTTP server logs confirmed that the malicious changes had been added over HTTPS.

When studying the logs, it turned out that the attackers did not connect on the first try: they first attempted to guess the account name, and once they found it they logged in on the first attempt, i.e. they already knew Rasmus's and Nikita's passwords but did not know their login names. If the attackers had gained access to the DBMS, it is unclear why they did not use the correct login names stored there. This contradiction has not yet received a convincing explanation. A hack of master.php.net is considered the most likely scenario, since this server ran old code on an old OS that had not been updated for a long time and contained vulnerabilities.

The measures taken include reinstalling the master.php.net server environment and porting the scripts to the new PHP 8 release. The code that works with the DBMS was changed to use parameterized queries, which makes SQL injection harder. The bcrypt algorithm is now used to store password hashes in the database (previously, passwords were stored using the insecure MD5 hash). Existing passwords have been reset, and users are asked to set a new password through the password-recovery form. Since HTTPS access to the git.php.net and svn.php.net repositories was tied to the MD5 hashes, it was decided to leave git.php.net and svn.php.net in read-only mode and to move all remaining PECL repositories to GitHub as well, as was done with the main PHP repository.
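The before/after pattern the article describes, as an added illustration in PHP that is not the php.net code itself: the old style (string-built SQL plus a bare MD5 digest) next to the hardened style (PDO prepared statement plus bcrypt via password_hash/password_verify). It assumes a hypothetical users table with login and password_hash columns and uses the pdo_sqlite driver for a self-contained demo with constructed data.

```php
<?php
// Added illustration, not the php.net code. Assumes table users(login, password_hash).

// BEFORE (weak): interpolating $login into the SQL lets crafted input rewrite the
// query, and an unsalted MD5 digest is cheap to brute-force offline once leaked.
function checkLoginWeak(PDO $db, string $login, string $password): bool
{
    $row = $db->query("SELECT password FROM users WHERE login = '$login'")->fetch();
    return $row !== false && hash_equals($row['password'], md5($password));
}

// AFTER (hardened): the login value travels as a bound parameter, never as SQL text,
// and the stored value is a salted bcrypt hash that is slow to attack by design.
function storePassword(PDO $db, string $login, string $password): void
{
    $hash = password_hash($password, PASSWORD_BCRYPT);
    $stmt = $db->prepare('UPDATE users SET password_hash = :hash WHERE login = :login');
    $stmt->execute([':hash' => $hash, ':login' => $login]);
}

function checkLoginHardened(PDO $db, string $login, string $password): bool
{
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE login = :login');
    $stmt->execute([':login' => $login]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || $row['password_hash'] === null) {
        return false;
    }
    $ok = password_verify($password, $row['password_hash']);
    // Transparently re-hash on successful login if the stored hash is out of date
    // (e.g. a lower bcrypt cost than the current default).
    if ($ok && password_needs_rehash($row['password_hash'], PASSWORD_BCRYPT)) {
        storePassword($db, $login, $password);
    }
    return $ok;
}

// Demo with constructed data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (login TEXT PRIMARY KEY, password_hash TEXT)');
$db->exec("INSERT INTO users (login) VALUES ('alice')");
storePassword($db, 'alice', 'correct horse battery');

var_dump(checkLoginHardened($db, 'alice', 'correct horse battery'));
var_dump(checkLoginHardened($db, 'alice', 'wrong password'));
// The quote is treated as data by the bound parameter, so this is simply an unknown login.
var_dump(checkLoginHardened($db, "alice' OR '1'='1", 'wrong password'));
```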

source: budenet.ru
