Gulu la ofufuza ochokera ku Free University of Amsterdam lasindikiza zida za Kasper zomwe zidapangidwa kuti zizizindikiritsa ma code mu kernel ya Linux omwe angagwiritsidwe ntchito kugwiritsa ntchito ziwopsezo za Specter-class zomwe zimayambitsidwa ndi kuphedwa kwa ma code pa purosesa. Khodi yochokera ku zidazo imagawidwa pansi pa layisensi ya Apache 2.0.
Tikumbukire kuti kuti tichite zigawenga monga Specter v1, zomwe zimapangitsa kuti zitheke kudziwa zomwe zili m'makumbukidwe, kukhalapo kwamwayi wamalamulo angapo (zida) kumafunikira, zomwe zimapangitsa kuti pakhale malangizo mongoyerekeza. . Pazolinga zokhathamiritsa, purosesa imayamba kupanga zida zotere mongoyerekeza, kenako amawona kuti kuneneratu kwa nthambi sikunali koyenera ndikubweza zomwe zikuchitika ku chikhalidwe chawo choyambirira, koma zomwe zidasinthidwa pakuphedwa mongoyerekeza zimathera mu cache ndi ma buffers ang'onoang'ono. zilipo kuti zitengedwenso kuchokera kwa iwo pogwiritsa ntchito njira zosiyanasiyana zodziwira deta yotsalira kudzera mu njira za chipani chachitatu.
Zida zomwe zidalipo kale zosanthula zida za Specter vulnerability, kutengera kufufuzidwa kwanthawi zonse, zidawonetsa zabwino zambiri zabodza, pomwe zidasowa zida zenizeni zenizeni (zoyeserera zidawonetsa kuti 99% ya zida zomwe zidadziwika ndi zida zotere sizingagwiritsidwe ntchito poukira. , ndi 33% ya zida zogwirira ntchito zomwe zingayambitse kuwukira sizinawonekere).
Kupititsa patsogolo luso la kuzindikira zida zomwe zili zovuta, Kasper amawonetsa kusatetezeka komwe wowukira amatha kugwiritsa ntchito gawo lililonse pochita ziwopsezo zamagulu a Specter - mavuto omwe amalola kuwongolera kwa data amasinthidwa (mwachitsanzo, kulowetsa zidziwitso zowukira m'mapangidwe ang'onoang'ono kuti apangitse kuphedwa kongoyerekeza pogwiritsa ntchito. Kuukira kwa gulu la LVI), pezani zinsinsi (mwachitsanzo, mukadutsa malire a buffer kapena kugwiritsa ntchito kukumbukira mutamasulidwa) ndikutulutsa zinsinsi (mwachitsanzo, posanthula momwe pulosesa ilili kapena kugwiritsa ntchito njira ya MDS).
Mukayesa, kernel imalumikizidwa ndi malaibulale a Kasper runtime ndikuwunika kuthamanga pamlingo wa LLVM. Njira yowunikirayi imatsanzira kachitidwe kongoyerekeza, kogwiritsidwa ntchito pogwiritsa ntchito njira yoyang'anira-kubwezeretsa, yomwe imagwiritsa ntchito nthambi yomwe idanenedweratu molakwika, kenako ndikubwerera kugawo loyambirira nthambiyo isanayambe. Kasper amayesanso kutengera zovuta zingapo zamapulogalamu ndi zida za Hardware, kuwunika momwe kamangidwe kake ndi kamangidwe kakang'ono, ndikuchita kuyesa kwa fuzz kwa omwe angachitike. Kuti mufufuze mayendedwe akupha, doko la DataFlowSanitizer la Linux kernel limagwiritsidwa ntchito, ndipo poyesa kusokoneza, pulogalamu yosinthidwa ya phukusi la syzkaller imagwiritsidwa ntchito.
Kujambula kwa kernel ya Linux pogwiritsa ntchito Kasper kudazindikira zida 1379 zomwe sizimadziwika kale zomwe zingayambitse kutayikira kwa data pakungopereka malangizo. Zikudziwika kuti mwina ena mwa iwo akhoza kukhala ndi mavuto enieni, koma kuti asonyeze kuti pali ngozi yeniyeni, osati yongopeka chabe, chithunzi chogwira ntchito cha ntchito chinapangidwira chimodzi mwa zidutswa zovuta za code, zomwe zimatsogolera ku chidziwitso. kutuluka kwa kernel memory.
Source: opennet.ru