Root vulnerability in sudo affecting Linux Mint and Elementary OS

A vulnerability (CVE-2019-18634) has been identified in the sudo utility, which is used to run commands on behalf of other users; it allows a user to escalate privileges on the system to root. The problem only appears starting with the sudo 1.7.1 release, and only when the "pwfeedback" option is used in the /etc/sudoers file. That option is disabled by default but is enabled in some distributions, such as Linux Mint and Elementary OS. The issue is fixed in the sudo 1.8.31 release, published a few hours ago. The vulnerability remains unfixed in distribution packages.

The "pwfeedback" option turns on the display of a "*" character after each character entered while typing a password. Because of a bug in the implementation of the getln() function, defined in the tgetpass.c file, an overly long password string passed through the standard input stream (stdin) may, under certain conditions, not fit in the allocated buffer and overwrite other data on the stack. The overflow occurs while sudo code is running as root.

The essence of the problem is that when the special character ^U (line erase) is used during input and the write operation fails, the code responsible for erasing the printed "*" characters resets the record of the available buffer size but does not return the pointer to the current position in the buffer to its initial value. Another factor that contributes to exploitation is that "pwfeedback" mode is not automatically disabled when the data arrives through an input stream rather than from a terminal (this flaw makes it possible to create the conditions for a write error; for example, on systems with unidirectional unnamed pipes, the error occurs on an attempt to write to the read end of the pipe).

Since an attacker can fully control what is overwritten on the stack, it is not difficult to create an exploit that escalates privileges to root. The problem can be exploited by any user, regardless of whether they have sudo rights or user-specific settings in sudoers. To block the problem, make sure there is no "pwfeedback" setting in /etc/sudoers and, if necessary, disable it ("Defaults !pwfeedback"). To check whether the problem is present, you can run the following code:

$ perl -e 'print(("A" x 100 . "\x{00}") x 50)' | sudo -S id
Password: Segmentation fault
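
An added example (not from the original article or the sudo project): a shell audit for the mitigation described above, reporting whether "pwfeedback" is effectively enabled in sudoers text and whether a sudo version falls in the range the article gives (1.7.1 up to, but not including, 1.8.31). The function names, the /etc/sudoers.d path and the sample text are assumptions.

```shell
#!/bin/sh
# Added example, not from the article or the sudo project.

# Read sudoers-format text on stdin; print "enabled" if pwfeedback is on
# globally (the last global Defaults entry wins) or for any scoped Defaults.
# Simplification: #include directives and backslash continuations are ignored.
pwfeedback_state() {
    awk '
        /^[ \t]*#/ || $1 !~ /^Defaults/ { next }
        {
            scoped = ($1 ~ /^Defaults[:@>!]/)   # Defaults:user, @host, >runas, !cmd
            line = $0
            gsub(/,/, " ", line)                # options are comma-separated
            n = split(line, opt, " ")
            for (i = 2; i <= n; i++) {
                if (opt[i] == "pwfeedback") { if (scoped) any = 1; else glob = 1 }
                if (opt[i] == "!pwfeedback" && !scoped) glob = 0
            }
        }
        END { print ((glob || any) ? "enabled" : "disabled") }
    '
}

# Succeed (exit 0) if the version is in the range the article gives:
# 1.7.1 up to, but not including, 1.8.31. Suffixes such as "p2" are ignored.
# A distribution package may carry a backported fix under an older version.
sudo_version_affected() {
    printf '%s\n' "$1" | awk -F'[.p]' '{
        n = $1 * 1000000 + $2 * 1000 + $3
        exit !(n >= 1007001 && n < 1008031) }'
}

# Constructed sample input (not taken from a real host): the scoped
# "!pwfeedback" does not cancel the global setting.
sample='Defaults env_reset, pwfeedback
Defaults:backup !pwfeedback'
printf 'sample sudoers: pwfeedback %s\n' "$(printf '%s\n' "$sample" | pwfeedback_state)"

# On a real host (assumed paths; run as root):
#   cat /etc/sudoers /etc/sudoers.d/* | pwfeedback_state
#   sudo_version_affected "$(sudo -V | awk 'NR==1 {print $3}')" && echo affected
```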

Source: opennet.ru
