Dynamic loader , yophatikizidwa ndi OpenBSD, mwina, pazifukwa zina, - mapulogalamu amasiya kusintha kwa chilengedwe cha LD_LIBRARY_PATH ndipo motero amalola kuti code ya chipani chachitatu ikwezedwe malinga ndi ndondomeko yomwe ili ndi mwayi wapamwamba. Zigamba zomwe zimakonza chiwopsezo zilipo kuti zitulutsidwe ΠΈ . Zigamba za binary () pamapulatifomu amd64, i386 ndi arm64 akupanga kale ndipo akuyenera kupezeka kuti atsitsidwe pofika nthawi yomwe nkhanizi zimasindikizidwa.
Chofunikira chavuto: panthawi yogwira ntchito, ld.so choyamba imachotsa mtengo wa LD_LIBRARY_PATH kusintha kuchokera ku chilengedwe ndipo, pogwiritsa ntchito _dl_split_path () ntchito, imasandulika kukhala mndandanda wa zingwe - njira zopita kumalo. Zikawoneka kuti zomwe zikuchitika pano zimayambitsidwa ndi pulogalamu ya SUID/SGID, ndiye kuti gulu lomwe linapangidwa ndipo, kwenikweni, kusintha kwa LD_LIBRARY_PATH kumachotsedwa. Panthawi imodzimodziyo, ngati _dl_split_path () itatha kukumbukira (zomwe zimakhala zovuta chifukwa cha malire omveka bwino a 256 kB pa kukula kwa kusintha kwa chilengedwe, koma mwachidziwitso kotheka), ndiye kuti _dl_libpath idzalandira mtengo NULL, ndi kufufuza kotsatira. kufunika kwa kusinthaku kudzakakamiza kudumpha kuyimbira ku _dl_unsetenv("LD_LIBRARY_PATH").
Chiwopsezo chopezeka ndi akatswiri , komanso mavuto. Ofufuza zachitetezo omwe adazindikira chiwopsezochi adazindikira momwe vutoli linathetsedwa mwachangu: chigamba chinakonzedwa ndipo zosintha zidatulutsidwa mkati mwa maola atatu polojekiti ya OpenBSD italandira chidziwitso.
Kuwonjezera: Vuto wapatsidwa nambala . Zapangidwa pamndandanda wamakalata a oss-security , kuphatikiza ma prototype exploit yomwe ikuyenda pa OpenBSD 6.6, 6.5, 6.2 ndi 6.1 zomangamanga
amd64 ndi i386 (zogwiritsa ntchito zitha kusinthidwa pazomanga zina).
Nkhaniyi ikugwiritsidwa ntchito pakuyika kosasintha ndipo imalola wogwiritsa ntchito m'deralo kuti agwiritse ntchito code ngati muzu kudzera m'malo mwa laibulale akamayendetsa zida za chpass kapena passwd suid. Kuti mupange zokumbukira zochepa zofunika kuti mugwire ntchito, ikani malire a RLIMIT_DATA kudzera pa setrlimit.
Source: opennet.ru