Google again demonstrates exploitation of the Spectre vulnerability by executing JavaScript in the browser

Google has published several working exploit prototypes that demonstrate exploitation of Spectre-class vulnerabilities by executing JavaScript code in the browser, bypassing the protection measures added earlier. The exploits can be used to read the memory of the process that handles web content in the current tab. The site leaky.page has been launched for testing the exploits, and code illustrating the techniques has been published on GitHub.

The presented prototype was designed to attack systems with an Intel Core i7-6500U processor running Linux and Chrome 88. Modifications are needed to use the exploit in other environments. The exploitation method is not specific to Intel processors; after suitable adaptation it was confirmed to work on systems with CPUs from other manufacturers, including the ARM-based Apple M1. With minor changes the exploit also works on other operating systems and in other Chromium-based browsers.

In the configuration with Chrome 88 and an Intel Skylake processor, data was extracted from the process responsible for handling web content in the current Chrome tab at a rate of 1 kilobyte per second. Several other prototypes were also created, including a variant that, at the cost of reduced stability, raises the leak rate to 8 kilobytes per second using the performance.now() timer with a resolution of 5 microseconds (0.005 milliseconds). A further variant works with a timer resolution of one millisecond and can be used to read process memory at a rate of about 60 bytes per second.

The published demo code consists of three parts. The first part calibrates the timer so that it can estimate the time needed to fetch data that remains in the processor cache as a result of speculative execution of CPU instructions. The second part determines the memory layout used when allocating JavaScript arrays.

The third part exploits the Spectre vulnerability directly to determine the contents of the current process's memory: it creates the conditions for speculative execution of certain operations whose results the processor discards once the misprediction is detected, but traces of that execution remain in the shared cache and can be recovered with methods that distinguish cached from uncached data by the time it takes to access them.

The exploitation technique bypasses the reduced timer precision of the performance.now() API and works without the SharedArrayBuffer type, which allows arrays to be created in shared memory. The exploit consists of a Spectre gadget, which triggers controlled speculative execution, and a side-channel leak analyzer, which detects the data that was cached during speculative execution.

The gadget is implemented with a JavaScript array access at an out-of-bounds index that influences the state of the branch prediction unit through the bounds check inserted by the compiler (the processor speculatively performs the access ahead of the check and rolls back the architectural state after the check fails). To analyze the cache contents when timer precision is insufficient, a method is proposed that works around the Tree-PLRU eviction strategy used in the processors and, by increasing the number of cycles, substantially widens the timing difference between retrieving a value from the cache and retrieving a value that is not in the cache.
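The timer-calibration step described as part one above, together with the idea from the previous paragraph of widening the hit/miss timing gap when the timer is coarse, as an added example for Node.js. This is illustrative code written for this page, not Google's leaky.page demo; it assumes a 64-byte cache line and that a 16 MiB buffer is larger than the machine's last-level cache, and it amplifies the gap by timing many distinct cache lines per measurement rather than with the Tree-PLRU eviction trick the text mentions.

```javascript
'use strict';
// Added example, not code from Google's leaky.page demo: the timer-calibration
// step of a cache-timing side channel. It times a batch of memory accesses once
// with the lines freshly evicted and once with them cached, then derives the
// hit/miss threshold that a later probing step would use. Runs under Node.js.

const LINE = 64;                        // assumed cache line size in bytes
const LINES = 4096;                     // distinct cache lines timed per batch
const probe = new Uint8Array(LINES * LINE);
// Assumption: 16 MiB exceeds the last-level cache of the machine, so streaming
// through it pushes the probe lines out of every cache level.
const evictBuf = new Uint8Array(16 * 1024 * 1024);

const now = typeof performance !== 'undefined'
  ? () => performance.now()   // sub-microsecond in Node; ~5 us or 1 ms in a browser
  : () => Date.now();

// Probe lines are visited in a fixed pseudo-random order so that the hardware
// prefetcher cannot turn a run of misses into cheap prefetched hits.
const order = new Uint32Array(LINES);
for (let i = 0; i < LINES; i++) order[i] = i;
let seed = 0x9e3779b9;
for (let i = LINES - 1; i > 0; i--) {    // Fisher-Yates shuffle driven by a small LCG
  seed = (Math.imul(seed, 1664525) + 1013904223) >>> 0;
  const j = seed % (i + 1);
  const tmp = order[i]; order[i] = order[j]; order[j] = tmp;
}

// Touch one byte per line of the large buffer so the probe lines are evicted.
function evict() {
  let sink = 0;
  for (let i = 0; i < evictBuf.length; i += LINE) sink += evictBuf[i];
  return sink;
}

// Time one batch. Timing LINES distinct lines instead of a single access
// amplifies the hit/miss gap (one access is far below a 5 us timer step).
function timeBatch() {
  let sink = 0;
  const t0 = now();
  for (let i = 0; i < LINES; i++) sink += probe[order[i] * LINE];
  const elapsed = now() - t0;
  return { elapsed, sink };            // sink keeps the loop from being optimized away
}

// Collect n miss samples (batch timed right after eviction) and n hit samples
// (batch timed right after a warm-up pass).
function collectSamples(n) {
  const hit = [], miss = [];
  for (let k = 0; k < n; k++) {
    evict();
    miss.push(timeBatch().elapsed);   // lines were just evicted
    timeBatch();                      // bring them back into the cache
    hit.push(timeBatch().elapsed);    // lines are now cached
  }
  return { hit, miss };
}

function median(xs) {
  const s = Array.from(xs).sort((a, b) => a - b);
  const m = s.length >> 1;
  return s.length % 2 ? s[m] : (s[m - 1] + s[m]) / 2;
}

// Threshold halfway between the two medians, plus the fraction of samples it
// classifies correctly; a probing step should not trust a calibration whose
// accuracy is not close to 1.
function calibrate(hit, miss) {
  const hitMedian = median(hit), missMedian = median(miss);
  const threshold = (hitMedian + missMedian) / 2;
  let ok = 0;
  for (const t of hit) if (t < threshold) ok++;
  for (const t of miss) if (t >= threshold) ok++;
  return { threshold, hitMedian, missMedian, accuracy: ok / (hit.length + miss.length) };
}

// Decision used later by the probing step for each timed access.
function isCached(elapsed, threshold) {
  return elapsed < threshold;
}

const samples = collectSamples(20);
const cal = calibrate(samples.hit, samples.miss);
console.log(`hit median ${cal.hitMedian.toFixed(3)} ms, miss median ` +
            `${cal.missMedian.toFixed(3)} ms, threshold ${cal.threshold.toFixed(3)} ms, ` +
            `accuracy ${cal.accuracy}`);
```

Run it with node; the printed medians are in milliseconds. The accuracy figure returned by calibrate() is the check a practitioner wants: when the timer is too coarse for the batch size, the two distributions overlap, accuracy drops well below 1, and the right response is to raise LINES (more amplification) rather than to start probing with a threshold that cannot separate hits from misses.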

Google notes that it published the exploit prototypes to show that attacks using Spectre-class vulnerabilities are real and to encourage web developers to adopt techniques that reduce the risk of such attacks. At the same time, Google believes that without a substantial rework of the proposed prototype it is not possible to build a universal exploit suited not only for demonstration but for mass use.

To reduce the risk, site owners are encouraged to use Cross-Origin Opener Policy (COOP), Cross-Origin Embedder Policy (COEP), Cross-Origin Resource Policy (CORP), Fetch Metadata request headers, X-Frame-Options, X-Content-Type-Options, and the SameSite cookie attribute. These mechanisms do not protect against the attack directly, but they keep a site's data out of processes that may execute an attacker's JavaScript (the leak comes from the memory of the current process, which may hold not only the attacker's code but also data from another site opened in the same tab). The main idea is to run a site's own code in a different process from third-party code obtained from untrusted sources, such as code embedded via an iframe.
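The server-side part of the mitigations above, as an added example that is not taken from the article or from Google's materials: a Node.js request handler that sets the isolation headers and applies the Fetch Metadata resource isolation policy published on web.dev. The header values are the strict settings (a real site relaxes CORP and COEP per resource), and the cookie name and the sample requests are constructed for the example.

```javascript
'use strict';
// Added example, not code from the article or from Google: a Node.js request
// handler that applies the isolation headers listed above and enforces a
// Fetch Metadata resource isolation policy (the policy published on web.dev).

// Headers that put the document in its own browsing context group (COOP),
// require opt-in for cross-origin subresources (COEP/CORP), block framing,
// and stop MIME sniffing.
function isolationHeaders() {
  return {
    'Cross-Origin-Opener-Policy': 'same-origin',
    'Cross-Origin-Embedder-Policy': 'require-corp',
    'Cross-Origin-Resource-Policy': 'same-origin',
    'X-Frame-Options': 'DENY',
    'X-Content-Type-Options': 'nosniff',
    // Responses differ by Fetch Metadata, so caches must key on these headers.
    'Vary': 'Sec-Fetch-Site, Sec-Fetch-Mode, Sec-Fetch-Dest',
  };
}

// Session cookie attributes: SameSite=Lax keeps the cookie off cross-site
// subresource requests, so an attacker-controlled page cannot pull
// authenticated responses into its own renderer process.
function sessionCookie(name, value) {
  return `${name}=${value}; Path=/; Secure; HttpOnly; SameSite=Lax`;
}

// Fetch Metadata resource isolation policy. `headers` uses lower-case names,
// as Node's IncomingMessage.headers does.
function isRequestAllowed(method, headers) {
  const site = headers['sec-fetch-site'];
  const mode = headers['sec-fetch-mode'];
  const dest = headers['sec-fetch-dest'];
  // Older browsers send no Fetch Metadata; allow them rather than break them.
  if (site === undefined) return true;
  // Same-origin, same-site and browser-initiated (address bar, bookmark) requests.
  if (site === 'same-origin' || site === 'same-site' || site === 'none') return true;
  // Plain top-level navigations from other sites are fine (links to us), except
  // when the response would be loaded into <object> or <embed>.
  if (mode === 'navigate' && method === 'GET' && dest !== 'object' && dest !== 'embed') {
    return true;
  }
  // Everything else (cross-site fetch/XHR, <img>, <script>, iframes, POSTs) is refused.
  return false;
}

// Pure decision for a request: the status, headers and body to send.
function buildResponse(method, headers) {
  if (!isRequestAllowed(method, headers)) {
    return { status: 403, headers: { 'Content-Type': 'text/plain' }, body: 'cross-site request blocked' };
  }
  return {
    status: 200,
    headers: {
      ...isolationHeaders(),
      'Content-Type': 'text/html; charset=utf-8',
      'Set-Cookie': sessionCookie('sid', 'example-session-id'),  // hypothetical cookie
    },
    body: '<!doctype html><title>isolated</title><p>hello</p>',
  };
}

// Adapter for Node's http.createServer(handler); the server is not started here.
function handler(req, res) {
  const r = buildResponse(req.method, req.headers);
  res.writeHead(r.status, r.headers);
  res.end(r.body);
}

// Constructed sample requests: a cross-site fetch() and a cross-site link click.
const crossSiteFetch = { 'sec-fetch-site': 'cross-site', 'sec-fetch-mode': 'cors', 'sec-fetch-dest': 'empty' };
const crossSiteLink = { 'sec-fetch-site': 'cross-site', 'sec-fetch-mode': 'navigate', 'sec-fetch-dest': 'document' };
console.log('fetch from another site ->', buildResponse('GET', crossSiteFetch).status);  // 403
console.log('link from another site  ->', buildResponse('GET', crossSiteLink).status);   // 200
```

To deploy, pass handler to http.createServer and listen on a port. The policy refuses cross-site subresource loads while still allowing ordinary links to the site, which is the property that keeps authenticated responses out of a renderer that may also run an attacker's script; roll it out in report-only mode first (log instead of returning 403) so that legitimate cross-site embeds, if any, can be given explicit CORP exceptions.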


source: budenet.ru