Mazuva mashoma apfuura nyaya yakabuda kuti Chikwata chekutsvagisa cheQualys chakawana kusagadzikana kwehuori mu polkit pkexec, chirongwa cheSUID chemidzi chinoiswa nekusarudzika pane ese makuru eLinux kugovera.
Uku kunetseka nyore kushandiswa yakabvumira chero asiri-asina rombo mushandisi kuwana akazara midzi ropafadzo pane ari munjodzi anotambira nekushandisa kusazvibata uku mukumisikidza kwayo.
polkit (yaimbozivikanwa sePolicyKit) chinhu chinoumba system-wide ropafadzo control paUnix-senge masisitimu anoshanda. Inopa nzira yakarongeka yeasina rombo maitiro ekutaurirana neakasarudzika maitiro, uye zvakare zvinogoneka kushandisa polkit kumhanyisa mirairo neropafadzo dzakakwirira uchishandisa iyo pkexec command inoteverwa nemurairo waunoitirwa kuita (nemidzi mvumo).
Nezve kusagadzikana
Kunetseka ari mu pkexec, saka kodhi yako ine chinongedzo chekubata kukanganisa, zvimwe zvacho guma uchinongedzera nzvimbo dzendangariro dzisingafanirwe. Nekushandisa chikanganiso ichi, zvinokwanisika kuwana ropafadzo dzemaneja ipapo ipapo.
Yakarongedzerwa seCVE-2021-4034, kusagadzikana kwakagamuchira mucherechedzo weCVSS we7,8 uye iyo timu yeQualys yakatsanangura mune blog post kuti:
Iyo pkexec kukanganisa inovhura musuwo wemidzi ropafadzo kune anorwisa. Vatsvagiri veQualys, akadaro, vakaratidza kushandiswa kwekumisikidzwa kweUbuntu, Debian, Fedora neCentOS, uye kumwe kugoverwa kweLinux kunofungidzirwawo kuve panjodzi.
"Kubudirira kushandiswa kwekusagadzikana uku kunobvumira chero munhu asina rombo rakanaka kuti awane midzi ropafadzo pane ari munjodzi. Vatsvagiridzi veQualys kuchengetedza vakakwanisa kuzvimiririra kuonesa kusagadzikana, kusimudzira kushandiswa, uye kuwana rombo rakazara midzi pakumisikidzwa kweUbuntu, Debian, Fedora, uye CentOS. Kumwe kugoverwa kweLinux kungangove panjodzi uye kushandiswa. Kusagadzikana uku kwakavanzwa kweanopfuura makore gumi nemaviri uye kunobata shanduro dzese dze pkexec kubva payakatanga kuburitswa muna Chivabvu 12 (simbisa c2009c8d3, "Wedzera pkexec(83) kuraira").
"Chikwata chedu chekutsvagisa chikangosimbisa kusazvibata, Qualys akazvipira kuburitsa pachena nezvekusagadzikana uye kurongeka nevatengesi uye kugovera kwakavhurika sosi kuzivisa nezvekusagadzikana."
Dambudziko rinoitika kana main () basa by pkexec gadzira mitsetse yemirairo mitsetse uye izvozvo argc iri zero. Basa racho richiri kuyedza kuwana rondedzero uye rinopedzisira raedza kushandisa rgvvoid (ARGument Vector yekuraira mutsara nharo tambo). Nekuda kweizvozvo, chiyeuchidzo chinoverengwa uye kunyorwa kunze kwemiganhu, iyo anorwisa anogona kushandisa kuisa jekiseni nharaunda inoshanduka iyo inogona kukonzera kupokana kodhi kutakurwa.
Icho chokwadi chekuti izvi zvakasiyana-siyana zvinogona kudzoserwa zvinoita kuti kodhi ive munjodzi. Irinani nzira yekubiridzira inopihwa neQualys (kuisa jekiseni yeGCONV_PATH kuchinjika munzvimbo yepkexec kuti imhanye raibhurari yakagovaniswa semidzi) inosiya maronda mumafaira egi.
Muchipangamazano chekuchengetedza, Red Hat yakapa chirevo chinotevera:
"Red Hat inoziva nezvekusagadzikana kunowanikwa mupkexec iyo inobvumira mushandisi ane chokwadi kuti aite kukwidziridzwa kwekurwiswa."
"Njodzi huru kune vatengi mukana wekuti mushandisi asina rusaruro awane ropafadzo dzekutonga pane dzakakanganisika masisitimu. Anorwisa anofanira kunge aine mukana wekupinda kune yakananga system kuti aite kurwisa."
Zvakakodzera kutaura izvozvo kusagadzikana kwakange kwatoonekwa muna 2013 uye yakanga yatsanangurwa zvakadzama mune blog post, kunyangwe pasina PoC yakanga yapihwa:
"Lol, ndakanyora nezvekusagadzikana kwepolkit iyi muna 2013. Handina kuwana nzira chaiyo yekubiridzira, asi ndakaziva chikonzero."
Chekupedzisira kana iwe uchifarira kukwanisa kuziva izvozvo nezvazvo, unogona kubvunza ruzivo mune inotevera chinongedzo.