Mutsara wekusagadzikana wakaonekwa mu swhkd (Simple Wayland HotKey Daemon) yakakonzerwa nebasa risiri iro rine mafaira enguva pfupi, mitsara yemirairo uye Unix sockets. Iyo purogiramu yakanyorwa neRust uye inobata hotkey kudzvanya munzvimbo dzakavakirwa paWayland protocol (inogadzirisa-faira-inopindirana analogue ye sxhkd process inoshandiswa muX11-based environments).
Iyo pasuru inosanganisira isina kurongeka swhks maitiro anoita hotkey zviito, uye yekumashure swhkd maitiro ayo anomhanya semudzi uye anodyidzana nemidziyo yekupinza padanho reUinput API. Unix socket inoshandiswa kuronga kudyidzana pakati pe swhks ne swhkd. Uchishandisa mitemo yePolkit, chero mushandisi wepanzvimbo anogona kumhanyisa iyo /usr/bin/swhkd maitiro semudzi uye kupfuudza zvisingaite paramita kwairi.
Zvinozivikanwa vulnerabilities:
- CVE-2022-27815 - Kuchengetedza chirongwa chePID kune faira rine zita rinofanotaurwa uye mune dhairekitori rinonyorwa nevamwe vashandisi (/tmp/swhkd.pid). Chero mushandisi anogona kugadzira faira /tmp/swhkd.pid uye kuisa pid yemaitiro aripo mairi, izvo zvichaita kuti swhkd isakwanise kutanga. Kana pasina dziviriro kubva pakugadzira zvinongedzo zvinongedzo mu /tmp, njodzi inogona kushandiswa kugadzira kana kunyora pamusoro mafaera mune chero system dhairekitori (iyo PID inonyorerwa kufaira) kana kuona zvirimo mune chero faira pane system (swhkd inodhinda zvese zviri mukati mePID faira kuti stdout). Zvinokosha kuziva kuti mukugadzirisa kwakasunungurwa faira yePID yakaendeswa kwete ku / run directory, asi ku /etc directory (/etc/swhkd/runtime/swhkd_{uid}.pid), iyo isiriwo.
- CVE-2022-27814 - Nekushandisa iyo "-c" yekuraira mutsara sarudzo inoshandiswa kutsanangura faira yekumisikidza, zvinokwanisika kuona kuvepo kwechero faira pane system. Semuenzaniso, kutarisa / root/.somefile unogona kumhanya "pkexec /usr/bin/swhkd -d -c /root/.somefile" uye kana faira isipo, kukanganisa "/root/.somefile haipo β zvicharatidzwa. Senyaya yekusagadzikana kwekutanga, kugadzirisa dambudziko kunokatyamadza - kugadzirisa dambudziko kunoenderana nekuti chinhu chekunze "katsi" ('Command::new(β/bin/catβ)).arg(nzira) yatangwa kuti iverenge faira rekugadzirisa. output()').
- CVE-2022-27819 - Nyaya iyi zvakare ine chekuita nekushandiswa kweiyo "-c" sarudzo, izvo zvinoita kuti faira rese rekugadzirisa ritakurwe uye kupatsanurwa pasina kutarisa saizi uye rudzi rwefaira. Semuenzaniso, kukonzeresa kurambwa kwesevhisi nekubuda mundangariro yemahara uye kugadzira yakashata I/O, unogona kutsanangura mudziyo wekuvhara pakutanga ("pkexec / usr/bin/swhkd -d -c /dev/sda") kana mudziyo wehunhu unogadzira data risingaperi . Dambudziko rakagadziriswa nekugadzirisazve maropafadzo asati avhura faira, asi kugadzirisa hakuna kupera, sezvo chete mushandisi ID (UID) inogadziriswa, asi boka ID (GID) rinoramba rakafanana.
- CVE-2022-27818 - A Unix socket inogadzirwa uchishandisa iyo /tmp/swhkd.sock faira rakagadzirwa mune inonyorwa dhairekitori, izvo zvinotungamira kune dzakafanana nenyaya sekutanga kusagadzikana (chero mushandisi anogona kugadzira /tmp/swhkd.sock uye kugadzira kana kubata keypress zviitiko).
- CVE-2022-27817 - Zviitiko zvekupinza zvinogamuchirwa kubva kune ese maturusi uye muzvikamu zvese, i.e. mushandisi kubva kune imwe Wayland chikamu kana kubva kune koni anogona kubata zviitiko kana hotkeys dzakatsikirirwa nevamwe vashandisi.
- CVE-2022-27816 Iyo swhks process, senge swhkd, inoshandisa iyo PID faira /tmp/swhks.pid mune inonyorwa /tmp dhairekitori. Dambudziko rakafanana nekutanga kusagadzikana, asi harina njodzi nekuti swhks iri kushanda pasi pemushandisi asina rombo rakanaka.
Source: opennet.ru