An old vulnerability in macOS can give local users root access


Although this vulnerability has existed for a long time, at least ten years, it has only now been found that exploiting it can cause serious damage. Security researchers have disclosed an exploit that can affect Unix-based operating systems, including macOS Big Sur and earlier versions. This sudo vulnerability in macOS can give local users root access.

In January, security researchers disclosed a new vulnerability that can affect Unix-based operating systems. The flaw has existed for at least 10 years, but this is its first known documentation. It is identified as CVE-2021-3156, a heap-based buffer overflow in Sudo. The exploit resembles a previously patched bug named CVE-2019-18634. Researchers from Qualys found the bug in Ubuntu 20.04 (Sudo 1.8.31), Debian 10 (Sudo 1.8.27) and Fedora 33 (Sudo 1.9.2). They said it could affect other operating systems and distributions running the affected versions of Sudo. All legacy versions from 1.8.2 to 1.8.31p2 and all stable versions from 1.9.0 to 1.9.5p1 are affected.
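To check a machine against the version ranges quoted above, the following added example (not part of the original article and not Qualys or Sudo project code) parses the first line of `sudo -V` and compares it, patch level included, with those ranges. The function names and the `--check` switch are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not from the article): classify a sudo version string against
# the affected ranges the article quotes for CVE-2021-3156.
# Caveat: vendors may backport the fix without changing the version string,
# so an "affected" result means "confirm with the vendor advisory".

# ver_key VERSION: print a sortable integer for MAJOR.MINOR.PATCH[pN].
ver_key() {
    v=$1
    plevel=0
    case $v in
        *p*) plevel=${v##*p}; v=${v%%p*} ;;
    esac
    case $plevel in ''|*[!0-9]*) return 1 ;; esac
    case $v in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $v
    IFS=$old_ifs
    echo $(( $1 * 1000000 + ${2:-0} * 10000 + ${3:-0} * 100 + plevel ))
}

# sudo_is_affected VERSION: 0 = in an affected range, 1 = outside, 2 = unparsable.
sudo_is_affected() {
    k=$(ver_key "$1") || return 2
    if [ "$k" -ge "$(ver_key 1.8.2)" ] && [ "$k" -le "$(ver_key 1.8.31p2)" ]; then
        return 0   # legacy range 1.8.2 .. 1.8.31p2
    fi
    if [ "$k" -ge "$(ver_key 1.9.0)" ] && [ "$k" -le "$(ver_key 1.9.5p1)" ]; then
        return 0   # stable range 1.9.0 .. 1.9.5p1
    fi
    return 1
}

# installed_sudo_version: first line of `sudo -V` is "Sudo version X.Y.ZpN".
installed_sudo_version() {
    sudo -V 2>/dev/null | sed -n '1s/^Sudo version \([0-9][0-9.p]*\).*/\1/p'
}

# Run as: sh check_sudo.sh --check   (script name is a placeholder)
if [ "${1:-}" = "--check" ]; then
    ver=$(installed_sudo_version)
    if sudo_is_affected "$ver"; then
        echo "sudo $ver: inside the affected ranges"
    else
        echo "sudo $ver: outside the affected ranges or not parsable"
    fi
fi
```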

That said, we can be somewhat at ease, because according to the researchers users would need access to the computer to run the exploit. Security researcher Matthew Hickey, founder of Hacker House, revealed on Wednesday, in comments to ZDNet, that the bug can also be exploited on the Mac.

To trigger it, you just have to overwrite argv[0] or create a symbolic link, which thereby exposes the operating system to the same local root vulnerability that affected Linux users last week.

https://twitter.com/hackerfantastic/status/1356645638151303169?s=20

Apple should release a security update with a patch at any moment, but users can act sooner if they consider it necessary. That does mean paying for a subscription to Qualys, which offers a program explaining how to patch the vulnerability. We do not believe this is necessary, but it would not be out of place either.

