Check Point unveils the Safe-Linking protection mechanism for heap pointers

Check Point (a global provider of IT security solutions) published a few days ago an introduction to the "Safe-Linking" protection method, which makes it harder to build exploits that rely on redefining or altering pointers in buffers allocated through a malloc call.

The new "Safe-Linking" method does not completely eliminate the possibility of exploiting vulnerabilities, but with minimal overhead it makes certain categories of exploits harder to carry out: in addition to the buffer overflow being exploited, the attacker must find a second vulnerability that leaks information about the heap memory layout.

Patches implementing Safe-Linking have been prepared for Glibc (ptmalloc), uClibc-NG (dlmalloc), gperftools (tcmalloc) and Google TCMalloc, together with a proposal to add the protection to Chromium (since 2012 Chromium has already shipped its own solution to the same problem, the MaskPtr protection mechanism, but the Check Point solution shows better performance).

The proposed patches have already been accepted for the August release of Glibc 3.32, where Safe-Linking will be enabled by default. In uClibc-NG, Safe-Linking support is included in version 1.0.33 and is enabled by default. In gperftools (the old tcmalloc) the change has been accepted, but it will be offered as an option in a future release.

The TCMalloc developers declined to accept the change, citing a significant performance impact and the need to add extensive tests to verify regularly that everything keeps working correctly.

Tests carried out by Check Point engineers showed that the Safe-Linking method does not increase memory consumption, and that performance of heap operations drops on average by only 0.02%, and in the worst case by 1.5%.

Enabling Safe-Linking adds 2-3 assembly instructions to each call to free() and 3-4 instructions to each call to malloc(). No initialization step and no random number generation are required.

Safe-Linking can be used not only to harden various heap implementations, but also to add integrity checks to any data structure that uses singly linked lists whose pointers are stored next to buffers.

The method is very easy to apply: it requires only adding a macro and applying it to the pointers to the next block in the code (for example, in Glibc only a few lines of code were changed).

The essence of the method is to use the randomness already present in the ASLR address layout (mmap_base) to protect singly linked lists such as Fast-Bins and TCache. Before a pointer to the next element in the list is used, a masking transformation and an alignment check are performed based on the memory page boundaries. The pointer is replaced by the result of the operation "(L >> PAGE_SHIFT) XOR (P)", where P is the pointer value and L is the memory address at which this pointer is stored.

When ASLR (Address Space Layout Randomization) is in use on the system, some of the bits of L, the heap address, contain random values, and these serve as the key for encoding P (they are extracted by a 12-bit shift, matching 4096-byte pages).

Such masking reduces the risk of pointer hijacking in an exploit, since the pointer is not stored in its original form, and replacing it requires knowledge of the heap's location in memory.

The method is effective against attacks that use partial pointer overwrites (modifying the low bytes), full pointer overwrites (redirecting to attacker-controlled code), and repositioning of the list to an unaligned address.

As an example, it was shown that using Safe-Linking in malloc would have blocked exploitation of CVE-2020-6007, a vulnerability recently discovered by the same researchers in the Philips Hue Bridge smart lighting hub, which is caused by a buffer overflow and allows control of the device.

Source: https://research.checkpoint.com
