A vulnerability in sudo that allows privilege escalation when specific rules are used

A vulnerability (CVE-2019-14287) has been identified in the sudo utility, which is used to organise the execution of commands on behalf of other users. It allows commands to be executed with root privileges if the sudoers configuration contains rules in which, in the section that restricts the target user ID, the permission keyword "ALL" is followed by an explicit prohibition on running as root ("... (ALL, !root) ..."). The vulnerability does not manifest in the default configurations shipped by distributions.

If sudoers contains a rule that is valid, though rarely used in practice, allowing a certain command to be executed under the UID of any user other than root, an attacker who is able to execute that command can bypass the stated restriction and run the command with root privileges. To bypass the restriction, it is enough to attempt to run the command named in the rule with the UID "-1" or "4294967295", which causes it to be executed with UID 0.

For example, if the configuration contains a rule that allows any user to run the /usr/bin/id program under any UID:

myhost ALL = (ALL, !root) /usr/bin/id

or a variant that permits execution only for the specific user bob:

myhost bob = (ALL, !root) /usr/bin/id

the user can run "sudo -u '#-1' id" and the /usr/bin/id utility will be launched as root, despite the explicit prohibition in the configuration. The problem is caused by the special values "-1" and "4294967295" being ignored: they do not result in a UID change, but since sudo itself is already running as root, with no UID change the target command is also launched with root privileges.

In the SUSE and openSUSE distributions, the vulnerability is not exploitable unless "NOPASSWD" is specified in the rule, because sudoers there has the "Defaults targetpw" mode enabled by default, which checks the UID against the password database and prompts for the target user's password. On such systems an attack is possible only if rules of the following form are present:

myhost ALL = (ALL, !root) NOPASSWD: /usr/bin/id

The problem was fixed in the sudo 1.8.28 release. The fix is also available as a patch. Among distributions, the vulnerability has already been fixed in Debian, Arch Linux, SUSE/openSUSE, Ubuntu, Gentoo and FreeBSD. At the time of writing, the problem remains unfixed in RHEL and Fedora. The vulnerability was discovered by security researchers from Apple.
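As an added example (not part of the original article or of the sudo project), the following Python script encodes the conditions described above so an administrator can audit a sudoers file: it flags rules whose Runas list contains ALL together with a negated user such as !root (the shape that UID -1 / 4294967295 slips through), reports whether "Defaults targetpw" is set, and checks whether a "sudo -V" version string predates the 1.8.28 fix. The sudoers content and version strings are constructed for the demonstration.

```python
import re

# Constructed sudoers content for the demonstration (not from any real host).
SAMPLE_SUDOERS = """\
Defaults targetpw
myhost ALL = (ALL, !root) /usr/bin/id
myhost bob = (ALL, !root) NOPASSWD: /usr/bin/id
myhost alice = (root) /usr/bin/systemctl
myhost carol = (ALL) ALL
myhost dave = (bob, !root) /usr/bin/id
"""

# user host = (runas_users[:runas_groups]) [Tag:] command
RULE_RE = re.compile(r"^\s*(\S+)\s+(\S+)\s*=\s*\(([^)]*)\)\s*(.*?)\s*$")
# Matches "1.8.27p1", "1.8.28", "1.9.5p2" inside the output of "sudo -V".
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:p(\d+))?")

FIXED_VERSION = (1, 8, 28, 0)   # first release containing the fix


def parse_runas(spec):
    """Return the user part of a Runas_Spec as a list of entries.
    The optional ':group' part does not matter for this bug and is dropped."""
    users = spec.split(":", 1)[0]
    return [u.strip() for u in users.split(",") if u.strip()]


def rule_is_bypassable(line):
    """True when a rule allows every target user except some negated ones.
    On sudo < 1.8.28 such a rule is satisfied by UID -1 / 4294967295: it
    matches ALL, matches no negated name, and leaves sudo running as root.
    A rule such as (bob, !root) is not affected, because -1 does not match bob."""
    m = RULE_RE.match(line)
    if not m:
        return False
    runas = parse_runas(m.group(3))
    allows_all = "ALL" in runas
    has_negation = any(u.startswith("!") for u in runas)
    return allows_all and has_negation


def find_risky_rules(sudoers_text):
    """Return (line_number, rule) for every bypassable rule in the text."""
    risky = []
    for n, line in enumerate(sudoers_text.splitlines(), 1):
        stripped = line.strip()
        # Only a leading '#' starts a comment; '#' also appears in UID specs such as (#1000).
        if not stripped or stripped.startswith("#"):
            continue
        if rule_is_bypassable(stripped):
            risky.append((n, stripped))
    return risky


def targetpw_enabled(sudoers_text):
    """True when a 'Defaults' line lists targetpw (the SUSE/openSUSE default the article mentions);
    a negated '!targetpw' entry does not count."""
    for line in sudoers_text.splitlines():
        parts = line.split()
        if parts and parts[0] == "Defaults":
            options = [o.strip() for o in " ".join(parts[1:]).split(",")]
            if "targetpw" in options:
                return True
    return False


def sudo_version_vulnerable(version_string):
    """True for sudo versions before 1.8.28, parsed from e.g. 'Sudo version 1.8.27p1'."""
    m = VERSION_RE.search(version_string)
    if not m:
        raise ValueError(f"cannot parse a sudo version from {version_string!r}")
    parsed = tuple(int(x or 0) for x in m.groups())
    return parsed < FIXED_VERSION


if __name__ == "__main__":
    print("targetpw enabled:", targetpw_enabled(SAMPLE_SUDOERS))
    for n, rule in find_risky_rules(SAMPLE_SUDOERS):
        print(f"line {n}: bypassable with UID -1 on sudo < 1.8.28: {rule}")
    print("1.8.27p1 vulnerable:", sudo_version_vulnerable("Sudo version 1.8.27p1"))
```

Run it against the output of "sudo -V" and the contents of /etc/sudoers (and /etc/sudoers.d/*) to see which rules need rewriting until the package is updated; note that the line check is deliberately narrow and does not expand User_Alias or Runas_Alias definitions.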

source: opennet.ru
