A vulnerability in Vim allowed code execution when opening a TXT file


A new vulnerability (CVE-2019-12735) has been fixed in the text editors Vim and Neovim, which come preinstalled on various Linux distributions.

The bug found in these editors lets attackers take control of computers when users open a malicious text file. The problem appears when modeline processing is enabled by default (":set modeline"), a feature that lets you define editing options inside the file being processed.

Vim and its fork Neovim contained a flaw that resided in modelines. This feature lets users specify window dimensions and other custom options near the start or end of a text file.

This feature is enabled by default in versions before Vim 8.1.1365 and Neovim 0.3.6, and it applies to all file types, including .txt files.

About the vulnerability in Vim

Only a limited set of options may be set through a modeline. If an expression is given as an option value, it is evaluated in sandbox mode, which allows only the simplest safe operations.

At the same time, the ":source" command is among those allowed, and with it you can use the "!" modifier to run arbitrary commands from the specified file.

Therefore, to execute code it is enough to put a construct of the form "set foldexpr=execute('\:source! some_file'):" in the modeline. In Neovim the execute call is forbidden, but assert_fails can be used instead.

The sandbox, on the other hand, is designed to prevent side effects:

The 'foldexpr', 'formatexpr', 'includeexpr', 'indentexpr', 'statusline' and 'foldtext' options may all be evaluated in a sandbox. This means that you are protected from these expressions having nasty side effects. This gives some safety for when these options are set from a modeline.

While modelines limit the available commands and run them in an environment isolated from the operating system, researcher Armin Razmjou noted that the :source! command bypasses this protection:

"It reads and executes commands from a given file as if they had been typed manually, running them once the sandbox has been left," the researcher wrote in a post published earlier this month.

So one can construct a modeline that executes code outside the sandbox.
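As an added example (not code from the original post or from the Vim project), a defender-side scanner that flags files whose modelines set one of the sandbox-evaluated expression options listed above and records whether the value contains :source!. The function name, the five-line window (Vim's default 'modelines' value) and the sample strings are assumptions constructed for illustration.

```python
import re

# Options the article lists as sandbox-evaluated, keyed by long and short name.
EXPR_OPTIONS = {
    "foldexpr": "foldexpr", "fde": "foldexpr",
    "formatexpr": "formatexpr", "fex": "formatexpr",
    "includeexpr": "includeexpr", "inex": "includeexpr",
    "indentexpr": "indentexpr", "inde": "indentexpr",
    "statusline": "statusline", "stl": "statusline",
    "foldtext": "foldtext", "fdt": "foldtext",
}
# Modeline marker: "vi:", "vim:", "Vim:", "vim>800:" or "ex:" at line start
# or after whitespace; everything after it is the option text.
MODELINE = re.compile(r"(?:^|\s)(?:vi|[vV]im(?:[<=>]?\d+)?|ex):\s*(.*)$")
OPTION = re.compile(r"(?<![A-Za-z])(%s)[+^-]?=" % "|".join(EXPR_OPTIONS))
# ":source!" and its common short form ":so!" (other abbreviations not covered).
SOURCE_BANG = re.compile(r"\bso(?:urce)?!")

def scan_modelines(text, modelines=5):
    """Return [(line_no, [options], has_source_bang)] for risky modelines.

    Only the first and last `modelines` lines are checked, because that is
    where Vim looks for modelines.
    """
    lines = text.splitlines()
    window = set(range(min(modelines, len(lines))))
    window |= set(range(max(0, len(lines) - modelines), len(lines)))
    findings = []
    for i in sorted(window):
        m = MODELINE.search(lines[i])
        if not m:
            continue
        body = m.group(1)
        opts = sorted({EXPR_OPTIONS[o] for o in OPTION.findall(body)})
        if opts:
            findings.append((i + 1, opts, bool(SOURCE_BANG.search(body))))
    return findings

# Constructed samples; the first reuses the form quoted in the article.
RISKY = "title\nbody text\n" + r"# vim: set foldexpr=execute('\:source! some_file'):"
BENIGN = "title\n# vim: set ts=4 sw=4 et:\n"

if __name__ == "__main__":
    print(scan_modelines(RISKY))   # flagged: foldexpr set, :source! present
    print(scan_modelines(BENIGN))  # ordinary indentation modeline, no finding
```

A finding is a reason to inspect the file with `cat -v` before opening it, not proof of malice; legitimate files occasionally set 'foldexpr' or 'statusline' from a modeline.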

The post includes two proof-of-concept text files, one of which illustrates the threat.

One of them opens a reverse shell on the computer running Vim or Neovim. From there, attackers can launch commands of their choice on the commandeered machine.

Razmjou said: "This PoC describes an attack approach in which a shell is launched when the user opens the file. To conceal the attack, the file is rewritten immediately when it is opened. Also, the PoC uses terminal escape sequences to hide the modeline when the content is printed with cat. (cat -v reveals the actual content.)"

The command-execution vulnerability requires the standard modeline feature to be enabled, as it is by default in some Linux distributions. The flaw was found in Vim before version 8.1.1365 and in Neovim before version 0.3.6.

This advisory from the National Vulnerability Database of the National Institute of Standards and Technology shows that the Debian and Fedora Linux distributions have begun releasing fixed versions.

Among distributions, the problem has been fixed in RHEL, SUSE/openSUSE, Fedora, FreeBSD, Ubuntu, Arch Linux and ALT.

The vulnerability remains unfixed in Debian (in Debian, modeline is disabled by default, so the vulnerability does not manifest in the default configuration).

The latest version of macOS continues to ship a vulnerable version, although attacks only work when users have changed the setting so that the modeline feature is enabled.

