Dynamic loader , inosanganisirwa neOpenBSD, inogona, mune mamwe mamiriro, - zvikumbiro zvinosiya iyo LD_LIBRARY_PATH nharaunda inoshanduka uye nekudaro inobvumira yechitatu-bato kodhi kuti itakurwe mumamiriro ekuita maitiro ane ropafadzo dzakakwirira. Mapeche anogadzirisa kusagadzikana anowanikwa pakuburitswa ΠΈ . Binary patches () yeamd64, i386 uye arm64 mapuratifomu atove mukugadzirwa uye anofanirwa kuwanikwa kuti adhawunirodhe panguva inoburitswa nhau.
Chinokosha chedambudziko: panguva yekushanda, ld.so inotanga kubvisa kukosha kweLD_LIBRARY_PATH kushanduka kubva kune zvakatipoteredza uye, uchishandisa _dl_split_path () basa, inoshandura kuita mutsara wetambo - nzira kune zvinyorwa. Kana zvikazoitika kuti maitiro azvino anotangwa neSUID/SGID application, ipapo iyo yakagadzirwa array uye, chokwadi, iyo LD_LIBRARY_PATH kusiyanisa inobviswa. Panguva imwecheteyo, kana _dl_split_path() ikapera mundangariro (izvo zvakaoma nekuda kwe256 kB muganho wakajeka pahukuru hwezvakasiyana nharaunda, asi ne theoretically zvinogoneka), ipapo _dl_libpath musiyano uchagamuchira kukosha NULL, uye kunotevera macheki e. kukosha kwekusiyana uku kunomanikidza kusvetuka kudanwa ku _dl_unsetenv("LD_LIBRARY_PATH").
Kusagadzikana kunowanikwa nenyanzvi , naizvozvowo matambudziko. Vatsvakurudzi vekuchengetedza vakaona kusagadzikana vakacherechedza kuti dambudziko rakagadziriswa sei nekukurumidza: chigamba chakagadzirirwa uye zvigadziriso zvakaburitswa mukati memaawa matatu mushure mekunge chirongwa cheOpenBSD chagamuchira chiziviso.
Wedzero: Dambudziko rapihwa nhamba . Yakagadzirwa pane oss-security yekutumira rondedzero , kusanganisira prototype exploit inomhanya paOpenBSD 6.6, 6.5, 6.2 uye 6.1 zvivakwa.
amd64 uye i386 (iyo yekushandisa inogona kuchinjirwa kune mamwe madhizaini).
Iyo nyaya inobatika mukumisikidzwa kwekumisikidza uye inobvumira mushandisi wemuno asina rusarura kuti aite kodhi semudzi kuburikidza nekutsiva raibhurari paunenge uchimhanyisa chpass kana passwd suid zvishandiso. Kugadzira iyo yakaderera-memory mamiriro anodiwa pakushanda, isa iyo RLIMIT_DATA muganhu kuburikidza nesetrlimit.
Source: opennet.ru