An gano yanayin rauni a cikin GDM

Darkcrizt

4 minti

Mai binciken tsaro ta GitHub sanar dashi kwanan nan kun gano yanayin rauni (CVE-2020-16125) a cikin GNOME Display Manager (GDM), wanda ke da alhakin nuna allon shiga.

Haɗe tare da wani rauni - a cikin sabis ɗin bin diddigin asusun (asusun-daemon), matsalar ta bawa lambar damar aiki a matsayin tushe.  Theaƙidar yanayin yana haɗuwa da ƙaddamarwar ba daidai ba na mai amfani da tsarin daidaitawa na farko idan ba shi yiwuwa a sami damar sabis ɗin daemon ta hanyar DBus.

Game da rauni

Mai amfanin da bashi da gata zai iya lalata ayyukan asusun-daemon ko kashe waya, me zai haifar da yanayi don amfanin gnome-initial-setup wanda za'a gudanar dashi daga GDM, ta inda sabon mai amfani zai iya rajista azaman memba na kungiyar sudo, ma'ana, suna da ikon gudanar da shirye-shirye azaman tushe.

A yadda aka saba GDM yana kiran gnome-farkon-saiti don saita mai amfani na farko idan babu asusu a cikin tsarin. Tabbatar da kasancewar asusun ana yin su ta hanyar tuntuɓar asusun-daemon. Idan aikin da aka ƙayyade ya kasa, GDM yana ɗaukar asusun sun ɓace kuma yana farawa tsarin daidaitawar farko.

Mai binciken ya gano hanyoyi biyu don lalata tsarin daemon-asusun- Na farko (CVE-2020-16126) ya kasance ne saboda sake saiti gata mara kyau kuma na biyu (CVE-2020-16127) kuskure yayin aiwatar da fayil ɗin ".pam_environment".

Har ila yau, an sami wani yanayin rauni a cikin asusun daemon (CVE-2018-14036) lalacewa ta hanyar kuskuren hanyar hanyar duba fayil da kuma barin abun cikin fayilolin sabani akan tsarin.

Rashin daidaito a cikin asusun-daemon yana faruwa ne ta hanyar canje-canje da masu haɓaka Ubuntu suka yi kuma baya bayyana a cikin babban asusun asusun-daemon na aikin FreeDesktop da kunshin Debian.

Batun CVE-2020-16127 ya kasance a cikin facin da aka ƙara a Ubuntu wanda ke aiwatar da aikin is_in_pam_environment, wanda ke karanta abubuwan cikin fayil ɗin .pam_environment daga cikin kundin adireshin gidan mai amfani. Idan kun sanya alamar haɗi zuwa / dev / sifili a madadin wannan fayil ɗin, aikin asusun daemon ya rataya akan ayyukan karantawa mara iyaka kuma ya daina amsa buƙatun ta hanyar DBus.

Baƙon abu ne ga yanayin rauni a cikin tsarin aiki na zamani don zama mai sauƙin amfani. A wasu lokuta, Na rubuta dubunnan layuka don yin amfani da yanayin rauni. 

Yawancin amfani na zamani sun haɗa da dabaru masu rikitarwa, kamar amfani da raunin lalata ƙwaƙwalwar ajiya don ɓoye abubuwa na jabu a cikin tsibirin, ko maye gurbin fayil ɗin tare da alaƙa zuwa daidaiton microsecond don amfani da yanayin rashin lafiyar TOCTOU. 

Don haka awannan zamanin yana da matukar wuya a sami raunin da ba ya buƙatar ƙwarewar lambar don amfani. Har ila yau, ina tsammanin yanayin rauni yana da sauƙin fahimta, koda kuwa ba ku da masaniyar yadda Ubuntu ke aiki ko ƙwarewa a cikin binciken tsaro.

CVE-2020-16126 raunin ne ya haifar da wani facin wanda ke sake saita gatan mai amfani a halin yanzu yayin aiwatar da wasu kiran DBus (misali, org.freedesktop.Accounts.User.SetLanguage).

Tsarin daemon na asusu yana gudana kamar yadda tushe, wanda ke hana mai amfani na yau da kullun aika sigina.

Amma godiya ga ƙarin facin, za a iya sake saita gata na tsari kuma mai amfani na iya ƙare wannan aikin ta hanyar aika sigina. Don aiwatar da hari, kawai ƙirƙirar yanayi don cire gata (RUID) kuma aika siginar SIGSEGV ko SIGSTOP zuwa tsarin daemon lissafi.

Mai amfani ya ƙare zaman zane kuma ya tafi zuwa na'urar wasan bidiyo (Ctrl-Alt-F1).
Bayan zaman zane ya ƙare, GDM yayi ƙoƙarin nuna allon shiga, amma rataye lokacin da ake ƙoƙarin samun amsa daga asusun-daemon.

Ana aika sakonnin SIGSEGV da SIGCONT daga na'ura mai kwakwalwa zuwa tsarin daemon lissafi, wanda hakan yasa ya rataye.

Hakanan zaka iya aika sigina kafin fita daga zane, amma dole ne yin hakan tare da jinkiri don samun lokacin gama zaman kuma kafin a aika siginar, GDM yana da lokacin farawa.

Buƙatar daemon na asusun ajiyar kuɗi a cikin GDM ya gaza kuma GDM ya kira gnome-farko-saitin mai amfani, wanda a cikin aikinsa ya isa ƙirƙirar sabon asusu.

An daidaita yanayin rauni a cikin GNOME 3.36.2 da 3.38.2. An tabbatar da amfani da yanayin rashin lafiyar a cikin Ubuntu da dangoginsa.

Source: https://securitylab.github.com


Bar tsokaci

Your email address ba za a buga. Bukata filayen suna alama da *

*

*

  1. Alhakin bayanai: AB Internet Networks 2008 SL
  2. Manufar bayanan: Sarrafa SPAM, sarrafa sharhi.
  3. Halacci: Yarda da yarda
  4. Sadarwar bayanan: Ba za a sanar da wasu bayanan ga wasu kamfanoni ba sai ta hanyar wajibcin doka.
  5. Ajiye bayanai: Bayanin yanar gizo wanda Occentus Networks (EU) suka dauki nauyi
  6. Hakkoki: A kowane lokaci zaka iyakance, dawo da share bayanan ka.