Check Point introduces the Safe-Linking security technique

Check Point (a global provider of IT security solutions) released several days ago an introduction to the "Safe-Linking" security mechanism, which makes it harder to create exploits that manipulate the definition or modification of pointers to buffers allocated during a malloc call.

The new "Safe-Linking" mechanism does not completely block the possibility of exploiting vulnerabilities, but with minimal overhead it complicates the creation of certain categories of exploits, since in addition to the exploited buffer overflow, another vulnerability must be found that leaks information about the location of the heap in memory.

Safe-Linking implementation patches were prepared for Glibc (ptmalloc), uClibc-NG (dlmalloc), gperftools (tcmalloc) and Google TCMalloc, along with a proposal to upgrade the protection in Chromium (since 2012 Chromium has already included the MaskPtr protection technique as a solution to the same problem, but Check Point's solution shows better performance).

The proposed patches have already been approved for delivery in the August release of Glibc 3.32, and Safe-Linking will be enabled by default. In uClibc-NG, Safe-Linking support was included in version 1.0.33 and is enabled by default. In gperftools (the old tcmalloc) the changes are accepted, but will be offered as an option in a future release.

The TCMalloc developers declined to accept the change, citing a strong performance hit and the need to add advanced tests to regularly verify that everything works correctly.

Tests carried out by Check Point engineers showed that the Safe-Linking method does not lead to additional memory consumption, and that performance when performing heap operations decreases on average by only 0.02%, and in the worst case by 1.5%.

Enabling Safe-Linking leads to the execution of 2-3 additional assembly instructions on each call to free() and 3-4 instructions when calling malloc(). No initialization and no random value generation are required.

Safe-Linking can be used not only to increase the security of various heap implementations, but also to add integrity checks to any data structure that uses a singly linked list of pointers located next to buffers.

The method is very simple to implement: it only requires adding a macro and applying it to the pointers to the next block in the code (for example, for Glibc only a few lines of code are changed).

The essence of the method is to use random data from the ASLR address randomization mechanism (mmap_base) to protect linked lists such as Fast-Bins and TCache. Before the pointer value to the next item in the list is used, a mask conversion and an alignment check against the memory page boundary are performed. The pointer is replaced by the result of the operation "(L >> PAGE_SHIFT) XOR (P)", where P is the value of the pointer and L is the location in memory where this pointer is stored.

When used on a system with ASLR (Address Space Layout Randomization), some of the bits of L that carry the heap base address hold random values, and these are used as the key to encode P (they are extracted by the 12-bit shift operation for memory pages).

Such handling reduces the risk of pointer hijacking in exploits, since the pointer is not stored in its original form, and replacing it requires knowing information about the location of the heap.

The method is effective in protecting against attacks that use partial redefinition of pointers (a change of the low bytes), complete rewriting of pointers (redirection to the attacker's code) and moving the position of the list to an unaligned address.
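The masking operation and the alignment check described above, as an added example that is not code from Check Point, Glibc or any other allocator. The function names, the 16-byte chunk alignment, the 4 KiB page size and all addresses are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12     /* assumption: 4 KiB pages */
#define ALIGN_MASK 0xFULL /* assumption: chunks are 16-byte aligned */

/* Mask pointer value p kept at address l: (L >> PAGE_SHIFT) XOR P. */
static uint64_t protect_ptr(uint64_t l, uint64_t p) {
    return (l >> PAGE_SHIFT) ^ p;
}

/* Unmask a stored link and apply the alignment check.
 * Returns 0 and writes the pointer to *out, or -1 if the link is corrupt. */
static int reveal_checked(uint64_t l, uint64_t stored, uint64_t *out) {
    uint64_t p = (l >> PAGE_SHIFT) ^ stored; /* XOR is its own inverse */
    if (p & ALIGN_MASK)
        return -1;
    *out = p;
    return 0;
}

/* Constructed sample addresses, not taken from a real process. */
static const uint64_t SLOT = 0x000055d3a4b2c2a0ULL; /* L: where the link is stored */
static const uint64_t NEXT = 0x000055d3a4b2c310ULL; /* P: next free chunk */
static const uint64_t FAKE = 0x00007ffd12345670ULL; /* aligned value written unmasked */

/* Model a partial overwrite: only the lowest byte of the stored link changes. */
static uint64_t patch_low_byte(uint64_t stored, uint8_t b) {
    return (stored & ~0xFFULL) | b;
}

int main(void) {
    uint64_t stored = protect_ptr(SLOT, NEXT), out = 0;
    printf("stored link      : 0x%llx\n", (unsigned long long)stored);
    printf("intact link      : %d\n", reveal_checked(SLOT, stored, &out));
    printf("raw pointer write: %d\n", reveal_checked(SLOT, FAKE, &out));
    printf("low-byte rewrite : %d\n",
           reveal_checked(SLOT, patch_low_byte(stored, 0x50), &out));
    return 0;
}
```

With the 16-byte alignment assumed here, a value written without knowledge of the mask passes the check only when its four low bits happen to unmask to zero, so the check is probabilistic rather than absolute.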

As an example, it is shown that the use of Safe-Linking in malloc would block exploitation of the vulnerability CVE-2020-6007, recently discovered by the same researchers in the Philips Hue Bridge smart lighting, which is caused by a buffer overflow and allows control of the device to be taken.

Source: https://research.checkpoint.com

