A sudo vulnerability that allows any file on the system to be modified

A vulnerability (CVE-2023-22809) has been identified in the sudo package, which is used to run commands on behalf of other users. It allows a regular user to edit any file on the system, which in turn makes it possible to gain root privileges by modifying /etc/shadow or system scripts. Exploitation requires that the user be granted, in the sudoers file, the right to run sudoedit or "sudo" with the "-e" flag.

The vulnerability is caused by improper handling of the "--" characters when parsing the environment variables that define the program called to edit a file. In sudo, the "--" sequence is used to separate the editor and its arguments from the list of files being edited. An attacker can append the sequence "-- file" after the editor path in the SUDO_EDITOR, VISUAL, or EDITOR environment variables, which causes the specified file to be edited with elevated privileges without checking the user's file access rules.

The vulnerability has been present since the 1.8.0 branch and is fixed in the corrective update sudo 1.9.12p2. The publication of package updates in distributions can be tracked on these pages: Debian, Ubuntu, Gentoo, RHEL, SUSE, Fedora, Arch, FreeBSD, NetBSD. As a security workaround, you can disable processing of the SUDO_EDITOR, VISUAL and EDITOR environment variables by specifying the following in sudoers:

    Defaults!sudoedit env_delete+="SUDO_EDITOR VISUAL EDITOR"
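
An added example, not part of the original article or of the sudo project: a defender-side check in Python that applies the version range and the sudoers workaround stated above and flags editor variables that carry a "--" argument. The function names, the sample inputs, and the use of shlex to approximate sudo's word splitting are assumptions, and an upstream version comparison cannot see a fix that a distribution has backported into an older package version.

```python
import re
import shlex

EDITOR_VARS = ("SUDO_EDITOR", "VISUAL", "EDITOR")
FIRST_AFFECTED = (1, 8, 0, 0)   # article: present since the 1.8.0 branch
FIRST_FIXED = (1, 9, 12, 2)     # article: fixed in sudo 1.9.12p2
WORKAROUND = re.compile(r'Defaults!sudoedit\s+env_delete\s*\+=\s*"([^"]*)"')


def parse_version(text):
    """Turn '1.9.12p2' or 'Sudo version 1.8.31' into a comparable 4-tuple."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)(?:p(\d+))?", text)
    if not m:
        raise ValueError(f"no sudo version in {text!r}")
    return tuple(int(g or 0) for g in m.groups())


def is_affected(version_text):
    """Upstream version check only; a distro package may carry a backport."""
    return FIRST_AFFECTED <= parse_version(version_text) < FIRST_FIXED


def suspicious_editor_vars(env):
    """Return the editor variables whose value contains a bare '--' word."""
    flagged = []
    for name in EDITOR_VARS:
        try:
            # Assumption: shlex approximates how sudo splits the value.
            tokens = shlex.split(env.get(name, ""))
        except ValueError:      # unbalanced quotes: flag for manual review
            flagged.append(name)
            continue
        if "--" in tokens:
            flagged.append(name)
    return flagged


def has_workaround(sudoers_text):
    """True if a Defaults!sudoedit line deletes all three editor variables."""
    for line in sudoers_text.splitlines():
        m = WORKAROUND.match(line.split("#", 1)[0].strip())
        if m and set(EDITOR_VARS) <= set(m.group(1).split()):
            return True
    return False


if __name__ == "__main__":
    # Constructed sample inputs, not taken from a real host.
    print(is_affected("Sudo version 1.9.5p2"),
          suspicious_editor_vars({"EDITOR": "vim -- /path/placeholder"}))
```

On a real host the inputs would come from `sudo -V`, the process environment or audit records, and the sudoers files.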

Source: opennet.ru
