Check Point presented a Safe-Linking security technique

Check Point (a global provider of IT security solutions) released a few days ago an introduction to the "Safe-Linking" security mechanism, which makes it harder to build exploits that manipulate the definition or modification of pointers to buffers allocated by a malloc call.

The new "Safe-Linking" mechanism does not completely block the exploitation of vulnerabilities, but with minimal overhead it complicates the creation of certain categories of exploits: in addition to the exploitable buffer overflow, it becomes necessary to find another vulnerability that leaks information about the location of the heap in memory.

Safe-Linking patches have been prepared for Glibc (ptmalloc), uClibc-NG (dlmalloc), gperftools (tcmalloc) and Google TCMalloc, along with a proposal to improve protection in Chromium (since 2012 Chromium has already integrated a solution to the same problem, the MaskPtr protection technique, but Check Point's solution shows better performance).

The proposed patches have already been approved for delivery in the August release of Glibc 3.32, where Safe-Linking will be enabled by default. In uClibc-NG, Safe-Linking support was included in version 1.0.33 and is enabled by default. In gperftools (the old tcmalloc) the changes were accepted, but will be offered as an option in a future release.

The TCMalloc developers refused to accept the change, citing a significant performance hit and the need to add extended tests to check regularly that everything works as expected.

Tests carried out by Check Point engineers showed that the Safe-Linking method does not lead to additional memory consumption, and that performance of heap operations drops by only 0.02% on average and by 1.5% in the worst case.

Enabling Safe-Linking results in 2 additional assembly instructions being executed on each call to free() and 3-3 instructions when calling malloc(). No initialization and no generation of a random value are required.

Safe-Linking can be used not only to increase the security of various heap implementations, but also to add integrity checks to any data structure that uses a singly linked list of pointers placed next to buffers.

The method is very simple to implement: it only requires adding a macro and applying it to the pointers to the next block in the code (for example, in Glibc only a few lines of code are changed).

The essence of the method is to apply random data from the ASLR address randomization mechanism (mmap_base) to protect singly linked lists such as Fast-Bins and TCache. Before the value of the pointer to the next item in the list is stored, a mask transformation and an alignment check along the memory page boundary are performed. The pointer is replaced by the result of the operation "(L >> PAGE_SHIFT) XOR (P)", where P is the value of the pointer and L is the location in memory where this pointer is stored.

When used on a system with ASLR (Address Space Layout Randomization), some of the bits of L, together with the heap base address, contain random values that serve as the key for encoding P (they are extracted by a 12-bit shift for 4096-byte pages).

This manipulation reduces the risk of a pointer being hijacked in an exploit, because the pointer is not stored in its original form, and replacing it requires knowing information about the location of the heap.

The method is effective in protecting against attacks that partially overwrite a pointer (changing the low-order bytes), rewrite pointers completely (redirecting to the attacker's code) and move the list position to an unaligned address.
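The masking and the alignment check described above can be modelled in a few lines of C. This is an added example, not code from Check Point's patches: the function names, the 16-byte chunk alignment and the sample addresses are assumptions made for the illustration.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12      /* 4096-byte pages, as in the article */
#define ALIGN_MASK 0xfULL  /* assumption: chunks are 16-byte aligned */

/* Mask pointer P for storage at location L: (L >> PAGE_SHIFT) XOR P. */
static uint64_t sl_protect(uint64_t l, uint64_t p) {
    return (l >> PAGE_SHIFT) ^ p;
}

/* Unmask the value stored at L and apply the alignment check.
   Returns 0 and writes *p on success, -1 if the link looks corrupted. */
static int sl_reveal(uint64_t l, uint64_t stored, uint64_t *p) {
    uint64_t v = (l >> PAGE_SHIFT) ^ stored;  /* XOR is its own inverse */
    if (v & ALIGN_MASK)
        return -1;                            /* an allocator would abort here */
    *p = v;
    return 0;
}

/* Model a linear overflow that reaches only the lowest byte of the link
   (little-endian layout). */
static uint64_t clobber_low_byte(uint64_t stored, uint8_t b) {
    return (stored & ~0xffULL) | b;
}

/* Constructed sample addresses, not taken from a real process. */
static const uint64_t SLOT = 0x000055d3c8a4f2a0ULL; /* L: where the link lives */
static const uint64_t NEXT = 0x000055d3c8a4f300ULL; /* P: next free chunk */

int main(void) {
    uint64_t stored = sl_protect(SLOT, NEXT), p = 0;
    printf("stored link     : 0x%016" PRIx64 "\n", stored);
    printf("intact link     : rc=%d\n", sl_reveal(SLOT, stored, &p));
    /* The overwriting byte is chosen without knowledge of L, so after
       unmasking the low nibble is 0x0 ^ 0xf and the check fires. */
    printf("1-byte overwrite: rc=%d\n",
           sl_reveal(SLOT, clobber_low_byte(stored, 0x40), &p));
    /* A raw, unmasked address written over the whole link fails too. */
    printf("full overwrite  : rc=%d\n",
           sl_reveal(SLOT, 0x00007ffd12345670ULL, &p));
    return 0;
}
```

With these constructed addresses the low nibble of the mask is 0xf; on a live heap that nibble comes from ASLR, so whether a blind overwrite trips the alignment check depends on those random bits.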

As an example, it is shown that using Safe-Linking in malloc would block exploitation of the CVE-2020-6007 vulnerability, recently discovered by the same researchers in the Philips Hue Bridge smart lighting system, which is caused by a buffer overflow and allows control of the device to be taken.

Source: https://research.checkpoint.com

