ã¡ãã£ã¢èšäº
Linuxã§ã«ãŒãæš©éãèªç±ã«ååŸã§ããè匱æ§ãçºèŠããæªçšãããã®ã¯æéã®åé¡ããšå°é家
ããºãææ°ããŒã¯ 221
twitterã³ã¡ã³ã 68ä»¶äž 1ïœ68件
SSHçªç Žãããªããã°åé¡ãªãïŒ(à¹â¢Ìã
â¢Ì)Ùâ§
ã²ãâŠ
ããïŒãâãªã®ïŒ
ã§ã«ãŒãæš©éãèªç±ã«ååŸã§ããè匱æ§ãçºèŠããæªçšãããã®ã¯æéã®åé¡ããšå°é家
ãèªåçšã¡ã¢ã
ãã°ããããïŒïŒ
â 12幎åããååšããè匱æ§ãPwnKitããçºèŠããŸãããäž»èŠãã£ã¹ããªãã¥ãŒã·ã§ã³ã®æ®ã©ã圱é¿ãåãããšã®ããšã§æ³šæãå¿
èŠã§ãã
ãPolkitïŒPolicyKitïŒã䜿çšããpkexecã³ãã³ããå®è¡ããããšã§ã«ãŒãæš©éãèªç±ã«ååŸã
ãããŒã«ã«èªèšŒã¢ã¯ã»ã¹ãå¿ èŠã§ããããªã¢ãŒãã§ã¯å®è¡ã§ããªãã
ãããŒã«ã«èªèšŒã¢ã¯ã»ã¹ãå¿ èŠã§ããããªã¢ãŒãã§ã¯å®è¡ã§ããªãã
äžå
·åãªããŠå¿ããé ã«åºãŠããããã
LinuxãŠç¡æã ããããããµãŒãã«ãã䜿ããããããå±ãªã£
ãã³ã®ã³ã¯çããã¿ã«
ã»ãã¥ãªãã£ãã¿ãé£ç¶ããã¡ã㯠Linux ã® root æš©éãèªç±ã«ååŸã§ããèåŒ±æ§ (PwnKit)ããããã圱é¿ã¯å€§ãããã
polkitã«root奪éå¯èœãªè匱æ§ãšã®ããš
è€éããäœããšã®ããšãªã®ã§ããªããã°ãã
è€éããäœããšã®ããšãªã®ã§ããªããã°ãã
Filesystemã®SUIDããããç«ã£ãpkexecããã°ã©ã ãå
¥ã£ãŠããç°å¢ã«ãŠã/bin/shãå®è¡ã§ããäžè¬ãŠãŒã¶ãrootãåãã¡ããããšããæãããªïŒ
pkexecã®åé¡ã£ãœããããŒã«ã«ããã®æš©éææ Œãå¯èœ
ããã
ã»ãã¥ãªãã£äŒæ¥ã®Qualysã¯æ»æè
ãPolkitã䜿çšããpkexecã³ãã³ãã§ã«ãŒãæš©éãèªç±ã«ååŸã§ããããšãçºè¡šã
æ¢ã«UbuntuãDebianãFedoraãCentOSã§ååŸã«æåã
â
ãæªçšãããã®ã¯æéã®åé¡ããšå°é家ã
æ¢ã«UbuntuãDebianãFedoraãCentOSã§ååŸã«æåã
â
ãæªçšãããã®ã¯æéã®åé¡ããšå°é家ã
ã¡ã¢ã
JAVAãšããLinuxãšããã倧ããªåé¡ãšãªãè匱æ§ã®çºèŠãé²è¥¿äºãäžåœãšäºã£ãããã«ãŒãšäžäœåããåœå®¶ã®ååã«ç¹ã«æ³šæã ããã
ããšã¯ã¹ããã€ãã¯è匱æ§ããããã·ã³ã§ã®ããŒã«ã«èªèšŒã¢ã¯ã»ã¹ãå¿
èŠã§ããããªã¢ãŒãã§ã¯å®è¡ã§ããªããã§ãæéã®åé¡ããããããæããã
memo.
[ )
[ )
é¢åãªããšã«ãªã£ãâŠã
ãQualysã®è匱æ§è
åšèª¿æ»ãã£ã¬ã¯ã¿ãŒã§ããBharat Jogiæ°ã¯ããšã¯ã¹ããã€ãã¯è匱æ§ããããã·ã³ã§ã®ããŒã«ã«èªèšŒã¢ã¯ã»ã¹ãå¿
èŠã§ããããªã¢ãŒãã§ã¯å®è¡ã§ããªããšã
(Ž_`) Macã®äžèº«ã«è匱æ§ãïŒé©åœïŒ
ãLinuxã«12幎åããååšããè匱æ§PwnKitã
ããLinuxããŒã¹ã®Androidå
¥ã£ãŠãã¹ãããšãã©ããªããããâŠã
pkexec /CVE-2021-4034ã®ä»¶ â
ã²ãã£
ãã°ãªãïŒ
Androidã§ãïŒãšæã£ããã©ãpkexecããªãïŒorã¢ã¯ã»ã¹äžå¯ïŒã®ã§ãã¡ã£ãœãã
ïŒç«¯æ«ã¢ããªã§è©ŠããïŒ
ïŒç«¯æ«ã¢ããªã§è©ŠããïŒ
å®å¿ã¬ã³ã¿ã«WiFiãªãã¯ã©ãŠãWiFiæ±äº¬äžæïŒ
U3å²åŒã¯ãŒãã³ã³ãŒã(cloudsmartch2)
U3å²åŒã¯ãŒãã³ã³ãŒã(cloudsmartch2)
Linuxã§ã«ãŒãæš©éãèªç±ã«ååŸã§ããè匱æ§ãšããã¿ã€ãã«ãããã«ãŒãã«ã®è匱æ§ãªã®ããšæã£ãããPolkitã£ãŠã³ãã³ãã®è匱æ§ãªã®ãã
ã£ãŠããšã¯ããã䜿çšäžèœã«ããã°å¯ŸåŠã§ããã£ãŠããšããªã
ã£ãŠããããsudoã¯ãã€ã䜿ã£ãŠããããPolkitã£ãŠãããªãã£ãã^^;
ã£ãŠããšã¯ããã䜿çšäžèœã«ããã°å¯ŸåŠã§ããã£ãŠããšããªã
ã£ãŠããããsudoã¯ãã€ã䜿ã£ãŠããããPolkitã£ãŠãããªãã£ãã^^;
Ubuntuã®LTSãš21.10ãDebianã®testing以å€ã§ã¯ãã§ã«ã»ãã¥ãªãã£ã¢ããããŒããåºãŠããã
Linuxã«ããŒã«ã«æš©éææ Œã®è匱æ§ãèŠã€ãã£ãããã§ãããä»ã®ãšããã®å
¬éæ
å ±ã§ã¯ãè€æ°äººã§ã¢ã«ãŠã³ããå
±æããŠãããããªå Žåã§ãªããã°è匱æ§ãæªçšã§ããªãããã«èªããã®ã§ããããŸã§è
åšåºŠã¯é«ããªãããã§ãã
ããã¯äžå€§äºâŠã©ãããã®ããã
ããIoTæ代ã«ã€ããã
ããããïŒ
ãããŒ
åé¡ãšãªãè匱æ§ãCVE-2021-4034ãã¯2009幎5æ以éã«ãªãªãŒã¹ãããå
šãŠã®ããŒãžã§ã³ã®pkexecã«å«ãŸããŠããã
ãšãããããDebianã§ã¯å¯Ÿå¿çããªãªãŒã¹æžã¿ã®ããã ã
PolicyKitã®pkexecããŒã«ã§æ·±å»ãªè匱æ§ãçºèŠãããããã§ããGIGAZINEããã詳ãã解説ããŠãããŠããŸããäž»èŠãªLinuxãã£ã¹ããªãã¥ãŒã·ã§ã³ã§ã¯æ¢ã«ã»ãã¥ãªãã£ããããé
åžãããŠããŸããææ°ã®ç¶æ
ã«ã¢ããããŒãããŠãããŸãããã
çµæ§å±éº
ããšã¯ã¹ããã€ãã¯è匱æ§ããããã·ã³ã§ã®ããŒã«ã«èªèšŒã¢ã¯ã»ã¹ãå¿
èŠã§ããããªã¢ãŒãã§ã¯å®è¡ã§ããªãã
ãããã
Linuxãã°ããª
ä¹
ãã¶ãã«Linuxã§ãšã°ããã€æ¥ãã®ã
Macãã°ãããã
ãŒ
ãŒ
ãã°ãªãïŒ
[ã»ãã¥ãªãã£]Linuxé¢é£ã®ã»ãã¥ãªãã£è匱æ§ãçºèŠãããŠãããŸããæå³ããªããŠãŒã¶ãrootæš©éãååŸã§ããããã§ãLinuxãã䜿ãã®æ¹ã¯è³æ¥ã確èªãã ãã
ãŸãã£ãããïœ
ãã°ã
ããŒãããããªã¢ãŒãããç¡çããããã©ãå
éšäžæ£ãããããã
_(:3 ãâ )_
ãã¯ãã«ãããŒã«ã«ãªã ãæãã
ãããåºãŠãã確èªããªãã
-
ãããåºãŠãã確èªããªãã
-
ããããŸã
ãªã¢ãŒãã§åºæ¥ããã€ããã£ããð€€
OSSã©ãããLinuxã䜿ããªã£ãŠäŒæ¥ãåºãŠãããšé¢çœããªã
çµç·¯ã«æ³šç®
Linuxã«12幎åããååšããè匱æ§ã PwnKitããæ°ãã«æããã«ãªããäž»èŠãªLinuxãã£ã¹ããªãã¥ãŒã·ã§ã³ã®ã»ãšãã©ã«åœ±é¿ãåã¶ããšãããããŸããã
ð±
ð±
ããïŒäœãå«ãªæãã
ãããâŠâŠ
Pocket New item archived:
>"è匱æ§ããããã·ã³ã§ã®ããŒã«ã«èªèšŒã¢ã¯ã»ã¹ãå¿
èŠã§ããããªã¢ãŒãã§ã¯å®è¡ã§ããªã"
ããã¯ãŸãäžå®å¿ãã
ããã¯ãŸãäžå®å¿ãã
çŸç¶ã¯æªçšã«ã¯ããŒã«ã«ã¢ã¯ã»ã¹ãå¿
èŠã®ããé¡åšåã«ã¯æéãæãããšã®ããšã§ãã...
â 12幎åããååšããè匱æ§ãæ°ãã«æããã«ã
â¡è匱æ§ããããã·ã³ã§ã®ããŒã«ã«èªèšŒã¢ã¯ã»ã¹ãå¿ èŠããªã¢ãŒãã§ã¯å®è¡äžå¯ã
æŠå¿µå®èšŒã®æ®µéã¿ããã§ãããð€
â¡è匱æ§ããããã·ã³ã§ã®ããŒã«ã«èªèšŒã¢ã¯ã»ã¹ãå¿ èŠããªã¢ãŒãã§ã¯å®è¡äžå¯ã
æŠå¿µå®èšŒã®æ®µéã¿ããã§ãããð€
圱é¿ããããšããçµæ§ãããã
ãšã¯ã¹ããã€ãã¯è匱æ§ããããã·ã³ã§ã®ããŒã«ã«èªèšŒã¢ã¯ã»ã¹ãå¿
èŠã§ããããªã¢ãŒãã§ã¯å®è¡ã§ããªã
ãã®äžæã§å®å¿ããã
ãã®äžæã§å®å¿ããã
>ãæªçšãããã®ã¯æéã®åé¡ã
ã«ãŒãæš©éã®è匱æ§âŠã¯åé¡
ã«ãŒãæš©éã®è匱æ§âŠã¯åé¡