Vulnerability found in sudo affecting Linux Mint and Elementary OS

A vulnerability, CVE-2019-18634, was recently disclosed in the sudo utility (used to delegate administrative privileges to individual programs or to run commands on behalf of other users). It allows a local user to escalate privileges on the system to root.

The problem has been present since sudo 1.7.1 and affects versions up to and including 1.8.30. It can only be exploited when the "pwfeedback" option is enabled in /etc/sudoers. That option is disabled by default in upstream sudo, but some distributions, such as Linux Mint and Elementary OS, enable it in their default configuration. (Per the upstream advisory, versions 1.8.26 through 1.8.30 still contain the bug but are not exploitable, because of a change in EOF handling introduced in 1.8.26.)

The "pwfeedback" option makes sudo print an asterisk ("*") for every character typed while the password is being entered.

Because of a bug in the implementation of the getln() function in tgetpass.c, when the password is read from the standard input stream (stdin) an overlong line does not fit into the allocated buffer and overwrites other data beyond it. The overflow happens while sudo's code is running with root privileges.

The core of the problem is this: if the special line-erase character ^U is used during input and the write that erases the feedback fails, the code responsible for clearing the "*" characters resets the counter of remaining buffer space to the full buffer size but does not move the write pointer back to the start of the buffer. Everything read after that is written starting from the old pointer position, with the full buffer length as the limit.

A second factor that makes exploitation easier is that pwfeedback mode is not automatically disabled when input comes from a stream rather than a terminal. Besides leaving the line-erase character at its initial value of 0 (so a NUL byte in the input acts as ^U), this shortcoming lets the attacker provoke the write error: sudo writes the feedback to the same descriptor it reads the password from, and on systems with unidirectional unnamed pipes, such as Linux, a write to the read end of the pipe fails.

Since the attacker fully controls the data written past the buffer, it is not hard to build an exploit that escalates privileges to root.

Any user can exploit the problem, regardless of whether they have sudo rights or whether user-specific settings exist in sudoers.

A user with sudo privileges can check whether "pwfeedback" is enabled by running:

  sudo -l

If "pwfeedback" appears in the "Matching Defaults entries" section of the output, the sudoers configuration is affected. In the following example the configuration is vulnerable:

  sudo -l
  Matching Defaults entries for USER on linux-build:
      insults, pwfeedback, mail_badpass, mailerpath=/usr/sbin/sendmail

  User USER may run the following commands on linux-build:
      (ALL : ALL) ALL

As for the bug itself, it is stated that it can be exploited without sudo permissions; the only requirement is that pwfeedback is enabled. It can be reproduced by feeding sudo a large input through a pipe when it prompts for a password (the -S flag makes sudo read the password from stdin, and the NUL bytes in the input stand in for ^U because no terminal supplied a line-erase character).

For example:

  perl -e 'print(("A" x 100 . "\x{00}") x 50)' | sudo -S id

  Password: Segmentation fault

Two bugs contribute to this vulnerability:

  • "pwfeedback" is not ignored, as it should be, when reading from something other than a terminal device. Because there is no tty, the saved line-erase character remains at its initial value of 0.

  • The code that erases the line of asterisks does not properly reset the buffer position when a write error occurs, but it does reset the remaining buffer length. As a result, getln() can write past the end of the buffer.
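The two contributing bugs above, together with the ^U handling described earlier in the article, modelled in C as an added example (a reconstruction written for this page, not sudo's source). The 256-byte buffer size (SUDO_CONV_REPL_MAX + 1) is sudo's and the input is the page's PoC; the names getln_model, fd_model and run_poc and the in-memory descriptor model are assumptions. The model stores a byte only while it fits in the buffer and otherwise counts the bytes the real code would have written out of bounds, so it runs safely; a fixed flag switches on the 1.8.31 pointer reset, and a feedback flag stands in for the 1.8.31 change of leaving pwfeedback off when input is not a tty.

```c
/* Added model of sudo's getln() password loop (tgetpass.c) for CVE-2019-18634.
 * A reconstruction for this page, not sudo's source: the real loop read()s one
 * byte at a time from the descriptor it also write()s "*" and "\b \b" to. */
#include <stdio.h>
#define PW_BUFSIZ (255 + 1)       /* sudo: SUDO_CONV_REPL_MAX + 1, 255 chars + NUL */

/* sudo loads the tty's VKILL (^U) character into sudo_term_kill when it disables
 * echo. With a pipe on stdin there is no tty, so it stays 0: a NUL byte is "^U". */
static unsigned char term_kill = 0;

struct fd_model {                 /* assumed stand-in for the real file descriptor */
    const unsigned char *in;      /* bytes piped into sudo (constructed below) */
    size_t inlen, pos;
    int write_fails;              /* 1: fd is a pipe's read end, so write() fails */
};

static int model_read(struct fd_model *fd, unsigned char *c)
{
    if (fd->pos >= fd->inlen) return 0;             /* EOF */
    *c = fd->in[fd->pos++];
    return 1;
}

static int model_write(struct fd_model *fd, const char *s, size_t n)
{
    (void)s;
    return fd->write_fails ? -1 : (int)n;
}

/* The getln() loop. Bytes are stored only while they fit in buf; *overflow counts
 * the bytes the original code would write at or past buf[bufsiz]. Returns sudo's
 * final cp pointer as an offset. (Single-character erase handling is omitted.) */
static size_t getln_model(struct fd_model *fd, char *buf, size_t bufsiz,
                          int feedback, int fixed, size_t *overflow)
{
    size_t left = bufsiz, cp = 0;
    unsigned char c;
    *overflow = 0;
    while (--left) {
        if (model_read(fd, &c) != 1 || c == '\n' || c == '\r')
            break;
        if (feedback) {
            if (c == term_kill) {
                while (cp > 0) {                    /* erase the asterisks */
                    if (model_write(fd, "\b \b", 3) == -1)
                        break;                      /* write error: cp stays where it was */
                    cp--;
                }
                if (fixed)
                    cp = 0;                         /* 1.8.31: rewind the pointer regardless */
                left = bufsiz;                      /* both versions reset the remaining length */
                continue;
            }
            model_write(fd, "*", 1);                /* result ignored, as in sudo */
        }
        if (cp < bufsiz)
            buf[cp] = (char)c;
        else
            (*overflow)++;
        cp++;
    }
    if (cp < bufsiz)
        buf[cp] = '\0';
    else
        (*overflow)++;                              /* the terminator lands out of bounds too */
    return cp;
}

/* Constructed PoC input from the page: ("A" x 100 . "\x00") x 50. */
static unsigned char poc_input[101 * 50];

static size_t build_poc(void)
{
    for (size_t i = 0; i < sizeof poc_input; i++)
        poc_input[i] = (i % 101 == 100) ? 0 : 'A';
    return sizeof poc_input;
}

/* Feed the PoC to the model the way "... | sudo -S id" does: stdin is a pipe, so
 * every write() to it fails. Returns the final cp offset and the overflow count. */
static size_t run_poc(int fixed, int feedback, size_t *overflow)
{
    char buf[PW_BUFSIZ];
    struct fd_model fd = { poc_input, 0, 0, 1 };
    fd.inlen = build_poc();
    return getln_model(&fd, buf, sizeof buf, feedback, fixed, overflow);
}

int main(void)
{
    size_t ov, cp;
    cp = run_poc(0, 1, &ov);   /* vulnerable: pwfeedback stays on without a tty */
    printf("1.8.30 model:  cp ends at %zu, %zu bytes out of bounds\n", cp, ov);
    cp = run_poc(1, 1, &ov);   /* pointer reset alone */
    printf("pointer reset: cp ends at %zu, %zu bytes out of bounds\n", cp, ov);
    cp = run_poc(1, 0, &ov);   /* 1.8.31 also leaves feedback off when !isatty(input) */
    printf("no feedback:   cp ends at %zu, %zu bytes out of bounds\n", cp, ov);
    return 0;
}
```

Compile with cc -std=c99 and run it. In the vulnerable configuration the trace is: after the first NUL the pointer stays at 100 while the remaining length is reset to 256, after the second it stays at 200, and the third run of 100 bytes crosses index 255, so by the end of the PoC input 4745 bytes (including the terminating NUL) land beyond the 256-byte buffer. With the pointer reset alone nothing escapes the buffer, and with feedback off for non-tty input the NUL bytes are stored as ordinary characters and the loop stops after 255 characters.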

Finally, the problem is reported fixed in sudo 1.8.31, published a few hours ago. Distributions had not yet shipped the fix at the time of writing, so users of distributions where the pwfeedback setting is present in /etc/sudoers are asked to update to the latest sudo version.

To block the problem in the meantime, the most important step is to make sure that pwfeedback is not enabled in /etc/sudoers (or in any file under /etc/sudoers.d) and, where it is, to disable it by replacing "Defaults pwfeedback" with "Defaults !pwfeedback", editing the file with visudo.

Source: https://www.openwall.com

