Check Point introduced the Safe-Linking security technique

Check Point (a global provider of IT security solutions) presented a few days ago the "Safe-Linking" security mechanism, which makes it harder to create exploits that manipulate the definition or modification of pointers to allocated buffers when a malloc call is made.

The new Safe-Linking mechanism does not block the possibility of exploiting vulnerabilities, but with little overhead it complicates the creation of certain categories of exploits, since in addition to the buffer overflow being exploited, another vulnerability is needed that leaks information about the location of the heap in memory.

Patches implementing Safe-Linking have been prepared for Glibc (ptmalloc), uClibc-NG (dlmalloc), gperftools (tcmalloc) and Google TCMalloc, and a proposal has also been submitted to modernize the protection in Chromium (since 2012 Chromium has already included the MaskPtr protection technique as a solution to the same problem, but the Check Point solution shows better performance).

The proposed patches have already been approved for delivery in the August release of Glibc 3.32, where Safe-Linking will be enabled by default. In uClibc-NG, Safe-Linking support was included in version 1.0.33 and is enabled by default. In gperftools (the old tcmalloc) the changes have been accepted, but will be offered as an option in a future release.

The TCMalloc developers refused to accept the change, citing a strong performance hit and the need to add extended tests to regularly verify that everything works correctly.

Tests carried out by Check Point engineers showed that the Safe-Linking method does not lead to additional memory consumption, and that performance during heap operations decreases on average by 0.02%, and in the worst case by 1.5%.

Enabling Safe-Linking leads to the execution of 2-3 additional assembler instructions on each call to free() and 3-4 instructions on each call to malloc(). No initialization at startup and no generation of random values is required.

Safe-Linking can be used not only to improve the security of various heap implementations, but also to add integrity checks to any data structure that uses a list of singly linked pointers located next to buffers.

The method is simple to implement: it only requires adding a macro and applying it to the pointers to the next block in the code (for example, for Glibc only a few lines of code were changed).

The essence of the method is to use random data from the ASLR address randomization mechanism (mmap_base) to protect singly linked lists such as Fast-Bins and TCache. Before the pointer to the next item in the list is used, a mask transformation and an alignment check against the edge of the memory page are performed. The pointer is replaced with the result of the operation "(L >> PAGE_SHIFT) XOR (P)", where P is the value of the pointer and L is the location in memory where this pointer is stored.

When used on a system with ASLR (Address Space Layout Randomization), some of the bits of L, which carry the base address of the heap, contain random values that are used as the key to encode P (they are extracted by a 12-bit shift operation for 4096-byte pages).

Such manipulation reduces the risk of a pointer being hijacked in an exploit, since the pointer is not stored in its original form, and to replace it you need to know information about the location of the heap.

The method is effective in protecting against attacks that use partial pointer overwrites (the low bytes), complete pointer overwrites (redirection to the attacker's code) and changes to the position of the list in an unaligned direction.
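The masking operation and alignment check described above can be seen on three cases: an untouched link, a full overwrite and a low-byte overwrite. This is an added example, not code from Check Point or from any of the patched allocators; the function names, the 16-byte alignment mask and the sample addresses are assumptions constructed for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12        /* 4096-byte pages, as in the text */
#define ALIGN_MASK 0xfULL    /* assumption: chunks are 16-byte aligned */

/* Constructed sample addresses (not taken from a real process). */
#define SLOT_L  0x000055d3c4a2b010ULL  /* L: where the next pointer is stored */
#define NEXT_P  0x000055d3c4a2b050ULL  /* P: the genuine next free chunk */
#define TARGET  0x00007ffd1c3e8a40ULL  /* aligned address an overwrite aims at */

/* (L >> PAGE_SHIFT) XOR v; XOR is its own inverse, so this also reveals. */
static uint64_t sl_mask(uint64_t L, uint64_t v) { return (L >> PAGE_SHIFT) ^ v; }

/* Reveal the stored value and apply the alignment check.
 * Returns 1 and writes *out when the result is aligned, 0 otherwise. */
static int sl_next(uint64_t L, uint64_t stored, uint64_t *out) {
    uint64_t p = sl_mask(L, stored);
    if (p & ALIGN_MASK) return 0;   /* corrupted link: an allocator would abort */
    *out = p;
    return 1;
}

/* Case 1: an untouched link round-trips back to P. */
static int legit_link_ok(void) {
    uint64_t out = 0;
    return sl_next(SLOT_L, sl_mask(SLOT_L, NEXT_P), &out) && out == NEXT_P;
}

/* Case 2: full overwrite with a raw address, written without knowing L.
 * Rejected here because the low nibble of L >> 12 is non-zero. */
static int full_overwrite_ok(void) {
    uint64_t out = 0;
    return sl_next(SLOT_L, TARGET, &out);
}

/* Case 3: partial overwrite of only the lowest byte of the stored value. */
static int partial_overwrite_ok(void) {
    uint64_t out = 0, stored = sl_mask(SLOT_L, NEXT_P);
    stored = (stored & ~0xffULL) | 0x90;
    return sl_next(SLOT_L, stored, &out);
}

int main(void) {
    printf("stored value: 0x%llx\n", (unsigned long long)sl_mask(SLOT_L, NEXT_P));
    printf("legit=%d full=%d partial=%d\n",
           legit_link_ok(), full_overwrite_ok(), partial_overwrite_ok());
    return 0;
}
```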

As an example, it is shown that using Safe-Linking in malloc would block exploitation of the recently identified vulnerability CVE-2020-6007, found by the same researchers in the Philips Hue Bridge smart lighting hub, which is caused by a buffer overflow and allows control of the device to be taken.

Source: https://research.checkpoint.com
