Sesebelisoa se matla , e kenyellelitsoeng le OpenBSD, e ka, tlas'a maemo a itseng, - likopo li tlohela LD_LIBRARY_PATH tikoloho e feto-fetohang 'me kahoo e lumella khoutu ea motho oa boraro hore e kenngoe molemong oa ts'ebetso e nang le litokelo tse phahameng. Lipache tse lokisang tlokotsi li teng bakeng sa ho lokolloa и . Li-patches tsa binary () bakeng sa li-platform tsa amd64, i386 le arm64 li se li ntse li hlahisoa 'me li lokela ho ba teng bakeng sa ho khoasolla nakong eo litaba tsena li phatlalatsoang.
Moko oa bothata: nakong ea ts'ebetso, ld.so pele e ntša boleng ba LD_LIBRARY_PATH e fapaneng ho tloha tikolohong 'me, ka ho sebelisa _dl_split_path () tshebetso, e e fetola mefuta e mengata ea likhoele - litsela tse eang ho li-directory. Haeba hamorao ho bonahala hore ts'ebetso ea morao-rao e qalisoa ke kopo ea SUID / SGID, joale sehlopha se bōpiloeng 'me, ha e le hantle, phetoho ea LD_LIBRARY_PATH e hlakotsoe. Ka nako e ts'oanang, haeba _dl_split_path() e felloa ke mohopolo (e leng thata ka lebaka la moeli o hlakileng oa 256 kB ka boholo ba mefuta-futa ea tikoloho, empa ho ea ka khopolo e ka khonehang), joale _dl_libpath e tla fumana boleng NULL, le licheke tse latelang tsa boleng ba phetoho ena bo tla qobella ho tlola mohala ho _dl_unsetenv("LD_LIBRARY_PATH").
Kotsi e fumanoeng ke litsebi , moho le mathata. Bafuputsi ba ts'ireletso ba hlokometseng bofokoli ba hlokometse hore na bothata bo rarollotsoe kapele hakae: patch e lokisitsoe mme lintlafatso li ile tsa lokolloa nakong ea lihora tse tharo kamora hore projeke ea OpenBSD e fumane tsebiso.
Keketso: Bothata bo filwe nomoro . E entsoe lethathamong la mangolo a oss-security , ho kenyelletsa le ts'ebetso ea prototype e sebetsang ho OpenBSD 6.6, 6.5, 6.2 le 6.1 meralo ea meralo.
amd64 le i386 (ts'ebetso e ka fetoloa bakeng sa meaho e meng).
Taba ena e ka sebelisoa ts'ebetsong ea kamehla mme e lumella mosebelisi oa lehae ea se nang tokelo hore a phethe khoutu e le motso ka ho kenya laeborari ha a sebelisa lits'ebeletso tsa chpass kapa passwd suid. Ho theha maemo a mohopolo a tlase a hlokahalang bakeng sa ts'ebetso, beha moeli oa RLIMIT_DATA ka setrlimit.
Source: opennet.ru