Google demonstrates exploitation of Spectre vulnerabilities via JavaScript executed in the browser

Google has published several proof-of-concept exploits demonstrating that Spectre-class vulnerabilities can be exploited when JavaScript code is executed in the browser, bypassing the protective measures added earlier. The exploits can be used to gain access to the memory of the process that handles web content in the current tab. To test how the exploit works, the site leaky.page has been launched, and the code describing the logic of the exploit has been published on GitHub.

The proposed prototype is designed to attack systems with Intel Core i7-6500U processors in an environment with Linux and Chrome 88. Using the exploit in other environments requires modifications. The exploitation method is not specific to Intel processors: after appropriate adaptation, the exploit was confirmed to work on systems with CPUs from other manufacturers, including the ARM-based Apple M1. After minor modifications, the exploit can also be used on other operating systems and in other browsers based on the Chromium engine.

In an environment based on a standard Chrome 88 build and Intel Skylake processors, it was possible to leak data from the process responsible for rendering web content in the current Chrome tab (the renderer process) at a rate of 1 kilobyte per second. In addition, other prototypes were created, for example an exploit that, at the cost of reduced stability, increases the leak rate to 8 kB/s when using the performance.now() timer with an accuracy of 5 microseconds (0.005 milliseconds). A variant was also prepared that works with a timer accuracy of one millisecond, which can be used to access another process's memory at a rate of about 60 bytes per second.

The published demo code consists of three parts. The first part calibrates the timer in order to estimate the execution time of the operations needed to recover data that remains in the processor cache as a result of speculative execution of CPU instructions. The second part determines the memory layout used when allocating a JavaScript array.

The third part directly exploits the Spectre vulnerability to determine the contents of the current process's memory by creating conditions for the speculative execution of certain operations. The processor discards the result after the prediction turns out to be wrong, but traces of the execution remain in the shared cache and can be recovered using side-channel cache analysis methods, which analyze the difference in access time between cached and uncached data.

The proposed exploitation technique makes it possible to do without the high-precision timers available through the performance.now() API and without support for the SharedArrayBuffer type, which allows creating arrays in shared memory. The exploit consists of a Spectre gadget, which triggers controlled speculative execution, and a side-channel analyzer, which detects the data obtained during speculative execution.

The gadget is implemented using a JavaScript array in which an attempt is made to access an area outside the buffer's boundaries, which influences the state of the branch predictor because of the buffer size check added by the compiler (the processor speculatively performs the access ahead of time, but rolls back the state after the check). To analyze the cache contents under insufficient timer precision, a method is proposed that fools the Tree-PLRU cache eviction strategy used in processors and, by increasing the number of cycles, makes it possible to significantly increase the timing difference between retrieving a value from the cache and the case where the value is absent from the cache.

It is noted that Google has published the exploit prototype to demonstrate the feasibility of attacks using Spectre-class vulnerabilities and to encourage web developers to use techniques that minimize the risk of such attacks. At the same time, Google believes that without significant rework of the proposed prototype it is impossible to create universal exploits that are ready not only for demonstration but also for widespread use.

To reduce the risk, site owners are encouraged to use the recently implemented Cross-Origin Opener Policy (COOP), Cross-Origin Embedder Policy (COEP), Cross-Origin Resource Policy (CORP), Fetch Metadata Request Headers, X-Frame-Options, X-Content-Type-Options and SameSite cookies. These mechanisms do not protect against the attacks directly, but they allow site data to be isolated from leaking into processes in which an attacker's JavaScript code could be executed (the leak occurs from the memory of the current process, which, besides the attacker's code, may also be processing data from another site opened in the same tab). The main idea is to separate, into different processes, the execution of the site's own code from third-party code received from untrusted sources, for example embedded via an iframe.
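A defender-side helper for the mechanisms listed above, added here as an example and not taken from the article or from Google's published code. The header names are the standard ones; the specific policy values (same-origin, require-corp, DENY, SameSite=Lax) and the Fetch Metadata rule (allow same-site requests and plain top-level navigations, reject other cross-site requests) are assumptions based on commonly recommended defaults:

```javascript
// Framework-agnostic helpers: return the isolation headers a response should
// carry and decide, from Fetch Metadata request headers, whether a resource
// request should be served. Policy values below are assumptions.

// Response headers that opt the document into cross-origin isolation and
// keep the site's resources out of other origins' renderer processes.
const ISOLATION_HEADERS = {
  'Cross-Origin-Opener-Policy': 'same-origin',    // COOP: own browsing context group
  'Cross-Origin-Embedder-Policy': 'require-corp', // COEP: only CORP/CORS-approved subresources
  'Cross-Origin-Resource-Policy': 'same-origin',  // CORP: resource not loadable cross-origin
  'X-Frame-Options': 'DENY',                      // no framing by other sites
  'X-Content-Type-Options': 'nosniff',            // no MIME sniffing of responses
};

function isolationHeaders(extra = {}) {
  return { ...ISOLATION_HEADERS, ...extra };
}

// Session cookie with SameSite so it is not attached to cross-site requests.
function sessionCookie(name, value) {
  return `${name}=${value}; Secure; HttpOnly; SameSite=Lax; Path=/`;
}

// Fetch Metadata resource isolation: `headers` is a map of lower-cased
// request header names, `method` the HTTP method.
function allowRequest(headers, method = 'GET') {
  const site = headers['sec-fetch-site'];
  // Browsers without Fetch Metadata support send no Sec-Fetch-Site; allow them
  // through for compatibility (assumption: you accept that trade-off).
  if (site === undefined) return true;
  // Same-origin, same-site and user-initiated ("none") requests are fine.
  if (site === 'same-origin' || site === 'same-site' || site === 'none') return true;
  // Cross-site: permit only simple top-level navigations (links), which must
  // be GET/HEAD and must not be <object>/<embed> loads.
  const mode = headers['sec-fetch-mode'];
  const dest = headers['sec-fetch-dest'];
  if (mode === 'navigate' && (method === 'GET' || method === 'HEAD') &&
      dest !== 'object' && dest !== 'embed') return true;
  // Everything else (cross-site fetch, img, script, iframe, POST form...) is rejected.
  return false;
}

module.exports = { isolationHeaders, sessionCookie, allowRequest };
```

A blocked request should get a short 403 response that itself carries the same isolation headers.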

source: budenet.ru