A new way of exploiting vulnerabilities in SQLite has been presented.

Researchers from Check Point revealed, at the DEF CON conference, details of a new technique for attacking applications that use vulnerable versions of SQLite. The Check Point method treats database files as a vehicle for combining exploitation scenarios for vulnerabilities in various internal SQLite subsystems that cannot be exploited directly. The researchers also prepared a technique for exploiting vulnerabilities by writing the exploit as a chain of SELECT queries stored in an SQLite database, which makes it possible to bypass ASLR.

For a successful attack it is necessary to be able to modify the database files of the attacked application, which limits the method to attacks on applications that use an SQLite database as a transport and input data format. The method can also be used to extend local access that has already been obtained, for example to embed hidden backdoors into applications in use, and to bypass security mechanisms when malicious software is analysed by security researchers. The action after the file substitution takes place when the application executes the first SELECT query against a table in the modified database.

As an example, the ability to execute code on iOS when opening the address book was demonstrated: the file containing the "AddressBook.sqlitedb" database was modified using the proposed technique. The attack used a vulnerability in the fts3_tokenizer function (CVE-2019-8602, a pointer dereference issue), fixed in the April SQLite 2.28 update, together with another vulnerability in the implementation of window functions. In addition, the use of the method to remotely take control of an attacker's backend server written in PHP, which collects passwords captured during the execution of malicious code (the captured passwords were transferred in the form of an SQLite database), was demonstrated.

The attack method is based on the use of two techniques, "Query Hijacking" and "Query Oriented Programming", which allow the exploitation of arbitrary issues that lead to memory corruption in the SQLite engine. The essence of "Query Hijacking" is to substitute the contents of the "sql" field in the sqlite_master service table, which defines the structure of the database. This field contains a DDL (Data Definition Language) block used to describe the structure of the objects in the database. The description is specified using ordinary SQL syntax, i.e. using the "CREATE TABLE" construct, which is executed during database initialization (at the first invocation of the sqlite3LocateTable function) to create the internal structures related to the table in memory.

The idea is that, by replacing "CREATE TABLE" with "CREATE VIEW", it becomes possible to control any access to the database by defining your own view. Using "CREATE VIEW", a "SELECT" operation is bound to the table; it will be invoked instead of "CREATE TABLE" and allows you to reach various parts of the SQLite interpreter. From there, the simplest attack would be to call the "load_extension" function, which allows an arbitrary library to be loaded as an extension, but this function is disabled by default.

To carry out the attack when it is possible to execute a "SELECT" operation, the "Query Oriented Programming" technique is proposed, which makes it possible to exploit issues in SQLite that lead to memory corruption. The technique is reminiscent of Return-Oriented Programming (ROP), but instead of existing snippets of machine code it uses a set of subqueries inside a SELECT to build the chain of calls ("gadgets").
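As an added example (not Check Point's code or anything shown in the talk), a small Python audit a defender could run over an untrusted .sqlitedb file before an application opens it: it reads only sqlite_master and flags rows whose stored DDL no longer matches the declared object type, or whose DDL references load_extension() or fts3_tokenizer(). The heuristics, function names and sample rows are assumptions; a tampered file may also rewrite the "type" column, so the mismatch check alone is not sufficient.

```python
import os
import re
import sqlite3
import tempfile

# Functions that legitimate CREATE TABLE / CREATE VIEW DDL never needs to call.
SUSPICIOUS_FUNCS = ("load_extension", "fts3_tokenizer")
DDL_PREFIX = re.compile(
    r"^\s*CREATE\s+(?:VIRTUAL\s+)?(TABLE|VIEW|INDEX|TRIGGER)\b", re.IGNORECASE)

def audit_schema_rows(rows):
    """rows: (type, name, tbl_name, sql) tuples as stored in sqlite_master.
    Returns a list of (object name, reason); an empty list means nothing odd."""
    findings = []
    for typ, name, tbl_name, sql in rows:
        if sql is None:                      # automatic indexes carry NULL sql
            continue
        match = DDL_PREFIX.match(sql)
        if not match:
            findings.append((name, "sql column is not a CREATE statement"))
            continue
        kind = match.group(1).lower()
        if kind != typ:                      # e.g. type='table' but DDL is CREATE VIEW
            findings.append((name, f"declared type {typ!r} but DDL creates a {kind}"))
        for func in SUSPICIOUS_FUNCS:
            if func in sql.lower():
                findings.append((name, f"DDL references {func}()"))
    return findings

def audit_file(path):
    """Open read-only and read sqlite_master only: no SELECT touches a user
    table, so a hijacked view's SELECT body is not run by this check."""
    conn = sqlite3.connect(f"file:{path}?mode=ro", uri=True)
    try:
        rows = conn.execute(
            "SELECT type, name, tbl_name, sql FROM sqlite_master").fetchall()
    finally:
        conn.close()
    return audit_schema_rows(rows)

# Constructed samples: a benign contacts table, and the same entry after its
# stored DDL was swapped for a view that calls load_extension().
CLEAN_ROWS = [("table", "contacts", "contacts",
               "CREATE TABLE contacts(id INTEGER PRIMARY KEY, name TEXT)")]
HIJACKED_ROWS = [("table", "contacts", "contacts",
                  "CREATE VIEW contacts AS SELECT load_extension('x') AS name")]

def demo_benign_file():
    """Create a benign database on disk and audit it; expected: no findings."""
    path = os.path.join(tempfile.mkdtemp(), "sample.sqlitedb")
    conn = sqlite3.connect(path)
    conn.execute("CREATE TABLE contacts(id INTEGER PRIMARY KEY, name TEXT UNIQUE)")
    conn.commit(); conn.close()
    return audit_file(path)
```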


Source: opennet.ru
