The dynamic loader included in OpenBSD can, under certain conditions, leave the LD_LIBRARY_PATH environment variable in place for applications and thereby allow third-party code to be loaded in the context of a process running with elevated privileges. Patches that fix the vulnerability are available for releases and . Binary patches () for the amd64, i386 and arm64 platforms are already in production and should be available for download by the time this news item is published.
The essence of the problem: at startup, ld.so first extracts the value of the LD_LIBRARY_PATH variable from the environment and, using the _dl_split_path() function, converts it into an array of strings, one per directory path. If it later turns out that the process being started is SUID/SGID, the array that was created and the LD_LIBRARY_PATH variable itself are cleared. However, if _dl_split_path() runs out of memory (which is difficult because of the explicit 256 kB limit on the size of environment variables, but possible), the _dl_libpath variable receives the value NULL, and the subsequent check of that variable's value causes the call to _dl_unsetenv("LD_LIBRARY_PATH") to be skipped.
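The check described above can be modelled in a few lines of C. This is an added example, not OpenBSD's ld.so source and not the project's patch: `split_path`, `setup_flawed`, `setup_hardened`, `survives` and the single-slot environment are hypothetical names, allocation failure is simulated with a flag, and the hardened variant is just one way to make the scrub independent of the parse result.

```c
#include <stdio.h>
#include <stdlib.h>

/* Model of the environment: one slot standing in for LD_LIBRARY_PATH. */
static const char *env_ld_library_path;

/* Hypothetical stand-in for _dl_split_path(): NULL means "no value" OR
 * "out of memory" (simulated by fail_alloc); callers cannot tell which. */
static char **split_path(const char *val, int fail_alloc)
{
    char **v = (val == NULL || fail_alloc) ? NULL : calloc(2, sizeof *v);
    if (v != NULL)
        v[0] = (char *)val;        /* one entry plus NULL terminator */
    return v;
}

/* Flawed pattern: the scrub is reached only when the parsed list is non-NULL. */
static void setup_flawed(int privileged, int fail_alloc)
{
    char **libpath = split_path(env_ld_library_path, fail_alloc);
    if (privileged && libpath != NULL) {
        free(libpath);
        libpath = NULL;
        env_ld_library_path = NULL; /* models _dl_unsetenv("LD_LIBRARY_PATH") */
    }
    free(libpath);
}

/* Hardened pattern: a privileged process scrubs before any parsing. */
static void setup_hardened(int privileged, int fail_alloc)
{
    if (privileged) { env_ld_library_path = NULL; return; }
    free(split_path(env_ld_library_path, fail_alloc));
}

/* Returns 1 if the variable is still set after setup, 0 if scrubbed. */
int survives(void (*setup)(int, int), int privileged, int fail_alloc)
{
    env_ld_library_path = "/constructed/sample/dir"; /* constructed value */
    setup(privileged, fail_alloc);
    return env_ld_library_path != NULL;
}

int main(void)
{
    printf("flawed ok=%d flawed oom=%d hardened oom=%d\n", survives(setup_flawed, 1, 0),
           survives(setup_flawed, 1, 1), survives(setup_hardened, 1, 1));
    return 0;
}
```

The general lesson for review: a security-relevant cleanup should never be gated on a value that is also NULL on an error path.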
The vulnerability was identified by specialists , along with problems. The security researchers who identified the vulnerability noted how quickly the problem was fixed: a patch was prepared and updates were released within three hours of the OpenBSD project receiving the notification.
Addendum: The problem has been assigned the number . A posting was made to the oss-security mailing list, including a prototype exploit that runs on OpenBSD 6.6, 6.5, 6.2 and 6.1 on the amd64 and i386 architectures (the exploit can be adapted for other architectures).
The issue is exploitable in the default installation and allows an unprivileged local user to execute code as root through library substitution when running the chpass or passwd suid utilities. To create the low-memory condition required for exploitation, the RLIMIT_DATA limit is set via setrlimit.
Source: opennet.ru
