Dynamic loader
The essence of the problem: at startup, ld.so first reads the value of the LD_LIBRARY_PATH variable from the environment and, using the _dl_split_path() function, turns it into an array of strings, the directory paths to search. If it then turns out that the program being started is SUID/SGID, the array just built is freed and, in effect, the LD_LIBRARY_PATH variable is removed from the environment. However, if _dl_split_path() runs out of memory (hard to arrange because of the 256 kB limit on the size of an environment variable, but possible in practice), the _dl_libpath variable is left as NULL, and the subsequent check of that variable's value causes the call to _dl_unsetenv("LD_LIBRARY_PATH") to be skipped as well. The attacker-controlled search path therefore survives into the set-id process.
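The control flow described above, modelled in C as an added example for this page (it is neither the loader's source nor the researchers' exploit): a parser that returns NULL both for an empty variable and on allocation failure, a vulnerable start-up path that only unsets LD_LIBRARY_PATH when the parse produced an array, and a hardened variant that unsets it whenever the program is set-id. The allocation hook stands in for the memory pressure a real attack creates with a resource limit; the names model_split_path, env_find, env_unset, loader_startup and ld_path_survives, and the environment values, are my own.

```c
/* Model of the LD_LIBRARY_PATH handling described above: split the variable,
 * then drop it for set-id programs. Added illustration for this page, not the
 * loader's real source; names are invented to mirror the text, values made up. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Allocation hook: lets a caller make the parser fail (the real attack uses an rlimit). */
static int fail_allocations = 0;
static void *model_malloc(size_t n) { return fail_allocations ? NULL : malloc(n); }

static void free_paths(char **paths)
{
    if (paths == NULL) return;
    for (char **p = paths; *p != NULL; p++) free(*p);
    free(paths);
}

/* Split "dir1:dir2:..." into a NULL-terminated array of directory strings.
 * Returns NULL both for an empty/absent variable and on allocation failure:
 * that ambiguity is what the vulnerable check in loader_startup() mishandles. */
static char **model_split_path(const char *path)
{
    if (path == NULL || *path == '\0') return NULL;
    /* worst case one entry per character, plus the terminating NULL */
    char **out = model_malloc((strlen(path) + 2) * sizeof *out);
    if (out == NULL) return NULL;
    size_t i = 0;
    for (const char *start = path;;) {
        const char *colon = strchr(start, ':');
        size_t len = colon != NULL ? (size_t)(colon - start) : strlen(start);
        char *dir = model_malloc(len + 1);
        if (dir == NULL) {              /* out of memory mid-parse: give up */
            out[i] = NULL; free_paths(out);
            return NULL;
        }
        memcpy(dir, start, len); dir[len] = '\0';
        out[i++] = dir;
        if (colon == NULL) break;
        start = colon + 1;
    }
    out[i] = NULL;
    return out;
}

/* Index of "NAME=..." in a NULL-terminated environment block, or -1. */
static int env_find(char **envp, const char *name)
{
    size_t n = strlen(name);
    for (int i = 0; envp[i] != NULL; i++)
        if (strncmp(envp[i], name, n) == 0 && envp[i][n] == '=') return i;
    return -1;
}

static void env_unset(char **envp, const char *name)
{
    int k = env_find(envp, name);
    if (k < 0) return;
    free(envp[k]);
    do envp[k] = envp[k + 1]; while (envp[k++] != NULL);
}

/* The loader's start-up step; "secure" means the program is SUID/SGID.
 * Returns 1 if LD_LIBRARY_PATH is still in the environment afterwards. */
static int loader_startup(char **envp, int secure, int fixed)
{
    int k = env_find(envp, "LD_LIBRARY_PATH");
    char **libpath = model_split_path(k < 0 ? NULL : strchr(envp[k], '=') + 1);
    if (fixed) {
        /* Hardened shape: the unset depends on set-id status alone. */
        if (secure) env_unset(envp, "LD_LIBRARY_PATH");
    } else if (libpath != NULL && secure) {
        /* Vulnerable shape: a NULL from allocation failure skips the unset. */
        env_unset(envp, "LD_LIBRARY_PATH");
    }
    free_paths(libpath);                /* the model stops here; just clean up */
    return env_find(envp, "LD_LIBRARY_PATH") >= 0;
}

/* One start-up against a constructed environment. Returns 1 if the
 * attacker-controlled search path survives into the (model) program. */
int ld_path_survives(int secure, int oom, int fixed)
{
    char *envp[] = { strdup("PATH=/usr/bin:/bin"),
                     strdup("LD_LIBRARY_PATH=/tmp/attacker:/tmp/other"),
                     strdup("HOME=/home/user"), NULL };
    if (envp[0] == NULL || envp[1] == NULL || envp[2] == NULL) abort();
    fail_allocations = oom;
    int survived = loader_startup(envp, secure, fixed); fail_allocations = 0;
    for (char **e = envp; *e != NULL; e++) free(*e);
    return survived;
}

int main(void)
{
    printf("vulnerable=%d hardened=%d\n", ld_path_survives(1, 1, 0), ld_path_survives(1, 1, 1));
    return 0;
}
```

ld_path_survives(1, 1, 0) returning 1 is the bug in miniature: a set-id program begins execution with the attacker's LD_LIBRARY_PATH still present. The hardened branch is one way to close that gap and is not claimed to be the vendor's actual patch. The model deliberately does not try to reproduce the resource-limit trigger itself, since whether a given limit makes the loader's allocation fail depends on the platform and its allocator.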
The vulnerability found by researchers
Addendum: the problem has been assigned a number
amd64 and i386 (the exploit can be adapted to other architectures).
The issue is exploitable in a default installation and allows an unprivileged local user to execute code as root by substituting a library while running the set-uid utilities chpass or passwd. To create the memory shortage needed for exploitation, the RLIMIT_DATA limit is set via setrlimit.
source: budenet.ru