Vulnerability in OpenBSD's ld.so

The dynamic loader ld.so, shipped with OpenBSD, can under certain conditions leave the LD_LIBRARY_PATH environment variable in place for SUID/SGID applications, and thereby allow third-party code to be loaded in the context of a process running with elevated privileges. Patches fixing the vulnerability are available for releases 6.5 and 6.6. Binary patches (syspatch) for the amd64, i386 and arm64 platforms are already being built and should be available for download by the time this news item is published.

The essence of the problem: at startup, ld.so first extracts the value of the LD_LIBRARY_PATH variable from the environment and, using the _dl_split_path() function, converts it into an array of strings, the paths to directories. If it later turns out that the current process was started from a SUID/SGID application, the created array and the LD_LIBRARY_PATH variable itself are cleared. However, if _dl_split_path() runs out of memory (which is difficult because of the explicit 256 kB limit on the size of environment variables, but theoretically possible), the _dl_libpath variable receives the value NULL, and the subsequent check of this variable's value causes the call to _dl_unsetenv("LD_LIBRARY_PATH") to be skipped.
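The check described above, modelled beside a fail-closed variant, as an added example that is not OpenBSD source code. The struct, the function names and the sample path are hypothetical, and the out-of-memory condition is simulated with a flag.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model, not OpenBSD source; all names here are hypothetical. */
struct loader {
    const char *env_value; /* models LD_LIBRARY_PATH in the environment */
    char **libpath;        /* models the parsed list (_dl_libpath) */
};

/* Models _dl_split_path(): NULL on allocation failure (simulated by a flag). */
static char **split_path(const char *value, int simulate_oom)
{
    char **list = simulate_oom ? NULL : calloc(2, sizeof(*list));
    if (list == NULL)
        return NULL;
    list[0] = malloc(strlen(value) + 1);
    if (list[0] == NULL) { free(list); return NULL; }
    strcpy(list[0], value);
    return list;
}

/* Set-id scrub. Fail-open form: the unset is nested under the NULL check, so
 * a failed split leaves the variable in place. Fail-closed form: always unset. */
static void scrub(struct loader *l, int fail_closed)
{
    if (l->libpath != NULL || fail_closed) {
        if (l->libpath != NULL) { free(l->libpath[0]); free(l->libpath); }
        l->libpath = NULL;
        l->env_value = NULL; /* models _dl_unsetenv("LD_LIBRARY_PATH") */
    }
}

/* Returns 1 if the variable survives startup of a set-id process. */
int survives_setid_start(int simulate_oom, int fail_closed)
{
    struct loader l = { "/constructed/sample/dir", NULL }; /* constructed input */
    l.libpath = split_path(l.env_value, simulate_oom);
    scrub(&l, fail_closed);
    return l.env_value != NULL;
}

int main(void)
{
    printf("split fails, fail-open:   survives=%d\n", survives_setid_start(1, 0));
    printf("split fails, fail-closed: survives=%d\n", survives_setid_start(1, 1));
    return 0;
}
```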

The vulnerability was found by specialists from Qualys, as were several previously disclosed problems. The security researchers who identified the vulnerability noted how quickly the problem was resolved: a patch was prepared and updates were released within three hours after the OpenBSD project received the notification.

Addendum: The problem has been assigned the identifier CVE-2019-19726. An official announcement has been made on the oss-security mailing list, including a prototype exploit that works on OpenBSD 6.6, 6.5, 6.2 and 6.1 for the amd64 and i386 architectures (the exploit can be adapted to other architectures). The problem is exploitable in the default installation and allows an unprivileged local user to execute code as root by substituting a library when running the chpass or passwd suid utilities. The low-memory conditions needed for exploitation are created by setting the RLIMIT_DATA limit via setrlimit.

Source: opennet.ru
