25 vulnerabilities in the Zephyr RTOS, including ones exploitable via an ICMP packet

Researchers from NCC Group have published the results of an audit of the free Zephyr project, which develops a real-time operating system (RTOS) aimed at devices that fit the Internet of Things (IoT) concept. The audit revealed 25 vulnerabilities in Zephyr and 1 vulnerability in MCUboot. Zephyr is being developed with the participation of Intel.

In total, 6 vulnerabilities were identified in the network stack, 4 in the kernel, 2 in the command shell, 5 in the system call handlers, 5 in the USB subsystem and 3 in the firmware update mechanism. Two issues are rated critical, two high, 9 medium, 9 low, and 4 are informational. The critical issues affect the IPv4 stack and the MQTT parser; the high-severity ones affect the USB mass storage and USB DFU drivers. At the time of disclosure, fixes had been prepared only for the 15 most dangerous vulnerabilities; issues that lead to denial of service or are related to flaws in the additional kernel protection mechanisms remain unfixed.

A remotely exploitable vulnerability has been identified in the IPv4 stack; it leads to memory corruption when ICMP packets modified in a certain way are processed. Another serious problem was found in the MQTT protocol parser; it is caused by the lack of proper checking of header field lengths and can lead to remote code execution. Less severe denial-of-service issues were found in the IPv6 stack and in the CoAP protocol implementation.
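The following is an added illustration of the kind of header length check the MQTT paragraph refers to; it is not Zephyr's code, and the article does not say which field was affected. It assumes the standard MQTT fixed header (one type byte followed by a 1 to 4 byte variable-length "Remaining Length"); the function name, result codes and the `max_body` limit are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* Result codes (hypothetical names chosen for this example). */
enum { MQTT_OK = 0, MQTT_NEED_MORE = -1, MQTT_MALFORMED = -2, MQTT_TOO_BIG = -3 };

#define MQTT_MAX_LEN_BYTES 4   /* MQTT limits Remaining Length to 4 bytes */

/*
 * Parse the fixed header of one MQTT packet held in buf[0..avail).
 * On MQTT_OK, *body_off is where the packet body starts and *body_len its
 * length; both are guaranteed to lie inside buf and within max_body.
 */
int mqtt_parse_fixed_header(const uint8_t *buf, size_t avail, size_t max_body,
                            size_t *body_off, size_t *body_len)
{
    uint32_t len = 0;
    size_t i = 1;              /* buf[0] is packet type + flags */

    if (avail < 2)
        return MQTT_NEED_MORE;

    for (;;) {
        if (i > MQTT_MAX_LEN_BYTES)
            return MQTT_MALFORMED;      /* a 5th length byte is rejected */
        if (i >= avail)
            return MQTT_NEED_MORE;      /* never read past the input */
        uint8_t b = buf[i];
        len |= (uint32_t)(b & 0x7F) << (7 * (i - 1));
        i++;
        if (!(b & 0x80))
            break;                      /* continuation bit clear: done */
    }

    /* The declared length is attacker-controlled: bound it before use. */
    if (len > max_body)
        return MQTT_TOO_BIG;            /* would not fit the caller's buffer */
    if (len > avail - i)
        return MQTT_NEED_MORE;          /* body not fully received yet */

    *body_off = i;
    *body_len = len;
    return MQTT_OK;
}
```

The caller copies or parses the body only after `MQTT_OK`, using `body_len` rather than any length it derives itself from the packet.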

Other problems can be exploited locally to cause a denial of service or to execute code at the kernel level. Most of these vulnerabilities are related to the lack of proper checks of system call arguments, and can lead to arbitrary areas of kernel memory being written to and read from. The problems also extend to the system call handling code itself: calling a negative system call number results in an integer overflow. Problems were also identified in the kernel in the implementation of ASLR protection (address space randomization) and in the mechanism for placing canary marks on the stack, which make these mechanisms ineffective.

Many problems affect the USB stack and individual drivers. For example, issues in USB mass storage can cause a buffer overflow and code execution at the kernel level when the device is connected to a USB host controlled by an attacker. A vulnerability in USB DFU, the driver for loading new firmware over USB, allows a modified firmware image to be loaded into the internal Flash of the microcontroller without using encryption, bypassing the secure boot mode that verifies components using a digital signature. In addition, the code of the open bootloader MCUboot was studied, and a vulnerability was found in it that can lead to a buffer overflow when the SMP (Simple Management Protocol) protocol is used over UART.

Recall that in Zephyr a single globally shared address space (SASOS, Single Address Space Operating System) is provided for all processes. Application-specific code is combined with an application-tailored kernel to form a monolithic executable that can be loaded and run on specific hardware. All system resources are determined at compile time, which reduces code size and increases performance. The system image can include only those kernel features that are required to run the application.

It is noteworthy that development with security in mind is mentioned among Zephyr's main advantages. It is claimed that all stages of development go through mandatory stages of confirming code security: fuzz testing, static analysis, penetration testing, code review, analysis of backdoor implementation and threat modeling.

Source: opennet.ru
