Vulnerability in OpenBSD's ld.so

The dynamic loader ld.so, shipped as part of OpenBSD, can under certain conditions leave the LD_LIBRARY_PATH environment variable in place for SUID/SGID applications and thereby allow third-party code to be loaded in the context of a process running with elevated privileges. Patches that fix the vulnerability are available for releases 6.5 and 6.6. Binary patches (syspatch) for the amd64, i386 and arm64 platforms have already gone into production and should be available for download by the time this article is published.

The essence of the problem: during operation, ld.so first extracts the value of the LD_LIBRARY_PATH variable from the environment and, using the _dl_split_path() function, turns it into an array of strings, the paths to directories. If it later turns out that the current process was started by a SUID/SGID application, the array that was created and the LD_LIBRARY_PATH variable itself are cleared. However, if _dl_split_path() runs out of memory (which is difficult because of the explicit 256 kB limit on the size of environment variables, but is in fact possible), the _dl_libpath variable receives the value NULL, and the subsequent check of that variable's value causes the call to _dl_unsetenv("LD_LIBRARY_PATH") to be skipped.
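The fail-open check described above, as a simplified C model added here for illustration (it is not OpenBSD's ld.so source): the struct, the function names and the simulate_oom flag are hypothetical, and the allocation failure is simulated with a flag rather than provoked.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model of loader state; all names here are hypothetical. */
struct loader {
    char *libpath;    /* parsed search path; NULL if unset OR if parsing failed */
    int env_has_var;  /* 1 while LD_LIBRARY_PATH is still in the environment */
};

/* Stand-in for the path splitter: returns NULL on allocation failure. */
static char *split_path(const char *value, int simulate_oom)
{
    char *copy = simulate_oom ? NULL : malloc(strlen(value) + 1);
    return copy ? strcpy(copy, value) : NULL;
}

/* Flawed: cleanup is keyed on the parse result, so a failed parse fails open. */
static void scrub_flawed(struct loader *l, int setugid)
{
    if (setugid && l->libpath != NULL) {
        free(l->libpath);
        l->libpath = NULL;
        l->env_has_var = 0;   /* models _dl_unsetenv("LD_LIBRARY_PATH") */
    }
}

/* Hardened: a set-id process always drops the variable, parsed or not. */
static void scrub_hardened(struct loader *l, int setugid)
{
    if (!setugid) return;
    free(l->libpath);         /* free(NULL) is a no-op */
    l->libpath = NULL;
    l->env_has_var = 0;
}

/* Returns 1 if the variable survives startup of a set-id process. */
int var_survives(int hardened, int simulate_oom)
{
    struct loader l = { split_path("/constructed/dir", simulate_oom), 1 };
    (hardened ? scrub_hardened : scrub_flawed)(&l, 1);
    return l.env_has_var;
}

int main(void)
{
    printf("flawed+oom=%d hardened+oom=%d\n", var_survives(0, 1), var_survives(1, 1));
    return 0;
}
```

The general lesson for review: a security cleanup step should be conditioned on the privilege state alone, never on whether an earlier, fallible step happened to succeed.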

The vulnerability was found by specialists who had also found several previously disclosed problems. The security researchers who identified the vulnerability noted how quickly the problem was resolved: a patch was prepared and updates were released within three hours of the OpenBSD project receiving the notification.

Addendum: The problem has been assigned the identifier CVE-2019-19726. An official announcement has been made on the oss-security mailing list, including a prototype exploit that works on OpenBSD 6.6, 6.5, 6.2 and 6.1 on the amd64 and i386 architectures (the exploit can be adapted to other architectures). The issue is exploitable in the default installation and allows an unprivileged local user to execute code as root through library substitution when running the suid utilities chpass or passwd. The low-memory condition needed for exploitation is created by setting the RLIMIT_DATA limit via setrlimit.

Source: opennet.ru
