DDIO implementation in Intel chips allows a network attack to detect keystrokes in an SSH session

A group of researchers from Vrije Universiteit Amsterdam and ETH Zurich has developed a network attack technique, NetCAT (Network Cache ATtack), which makes it possible, using side-channel data analysis methods, to remotely determine the keys pressed by a user while working in an SSH session. The problem only appears on servers that use the RDMA (Remote Direct Memory Access) and DDIO (Data-Direct I/O) technologies.

Intel believes that the attack is difficult to carry out in practice, because it requires the attacker to have access to the local network, sterile conditions, and host communication organized using the RDMA and DDIO technologies, which are usually used in isolated networks, for example, those in which computing clusters operate. The issue was rated minor (CVSS 2.6, CVE-2019-11184), and the recommendation is not to enable DDIO and RDMA in local networks where security is not ensured and connections from untrusted clients are allowed. DDIO has been used in Intel processors since 2012 (Intel Xeon E5, E7 and SP). Systems based on processors from AMD and other manufacturers are not affected by the problem, because they do not support storing data transferred over the network in the CPU cache.

The technique used in the attack resembles the "Throwhammer" vulnerability, which makes it possible to change the contents of individual bits in RAM by manipulating network packets in systems with RDMA. The new problem is a consequence of the work done to minimize latency with the DDIO mechanism, which provides direct interaction of the network card and other peripheral devices with the processor cache (while network card packets are processed, data is stored in the cache and retrieved from the cache, without accessing memory).

Because of DDIO, the processor cache also includes data generated during malicious network activity. The NetCAT attack relies on the fact that network cards actively cache data, and that the packet processing speed in modern local networks is sufficient to influence the filling of the cache and to determine the presence or absence of data in the cache by analyzing delays during data transfer.

When interactive sessions are used, such as via SSH, a network packet is sent immediately after a key is pressed, i.e. the delays between packets correlate with the delays between keystrokes. Using statistical analysis methods and taking into account that the delays between keystrokes usually depend on the position of the key on the keyboard, it is possible to reconstruct the entered information with a certain probability. For example, most people tend to type "s" after "a" much faster than "g" after "s".

The information deposited in the processor cache also allows one to judge the exact time of packets sent by the network card when processing connections such as SSH. By generating a certain flow of traffic, an attacker can determine the moment when new data appears in the cache that is associated with a specific activity in the system. To analyze the contents of the cache, the Prime+Probe method is used, which involves filling the cache with a reference set of values and measuring the access time to them when the cache is refilled, in order to detect changes.

It is possible that the proposed technique can be used to determine not only keystrokes, but also other types of confidential data deposited in the CPU cache. The attack can be carried out even if RDMA is disabled, but without RDMA its effectiveness is reduced and execution becomes significantly more difficult. It is also possible to use DDIO to organize a covert communication channel used to transfer data after a server has been compromised, bypassing security systems.
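The recommendation above (no DDIO together with RDMA on networks that admit untrusted clients) can be turned into a quick host inventory check. The script below is an added example, not code from the article or from the NetCAT researchers. It assumes a Linux host where RDMA devices appear under `/sys/class/infiniband`, treats "Intel Xeon" in `/proc/cpuinfo` as a stand-in for DDIO (it does not read the actual DDIO state), and uses a hypothetical `NETCAT_ROOT` variable to point at a copied `/proc` and `/sys` tree.

```shell
#!/bin/sh
# NetCAT (CVE-2019-11184) exposure heuristic for a Linux host.
# Optional NETCAT_ROOT (hypothetical name) points at a copied /proc and /sys tree.

# 0 = Intel Xeon (family the article lists as using DDIO), 1 = other CPU, 2 = unreadable.
# Assumption: "Xeon" in the model name is only a proxy; it does not read DDIO state.
cpu_may_have_ddio() {
    [ -r "$1/proc/cpuinfo" ] || return 2
    grep -q '^vendor_id[[:space:]]*:[[:space:]]*GenuineIntel' "$1/proc/cpuinfo" || return 1
    grep -q '^model name[[:space:]]*:.*Xeon' "$1/proc/cpuinfo" || return 1
}

# Prints one RDMA device name per line (InfiniBand, RoCE and iWARP all register here).
rdma_devices() {
    for nc_dev in "$1"/sys/class/infiniband/*; do
        if [ -e "$nc_dev" ]; then basename "$nc_dev"; fi
    done
}

# Prints a one-line verdict for the tree rooted at $1 ("" means the live system).
netcat_exposure() {
    nc_rc=0
    cpu_may_have_ddio "$1" || nc_rc=$?
    nc_devs="$(rdma_devices "$1" | tr '\n' ' ')"
    if [ "$nc_rc" -eq 2 ]; then
        echo "unknown: cannot read $1/proc/cpuinfo"
    elif [ "$nc_rc" -eq 1 ]; then
        echo "cpu-not-listed: not an Intel Xeon"
    elif [ -n "$nc_devs" ]; then
        echo "review: Intel Xeon with RDMA devices: ${nc_devs% }"
    else
        echo "reduced: Intel Xeon, no RDMA device registered"
    fi
}

netcat_exposure "${NETCAT_ROOT:-}"
```

A "review" verdict means the host matches the combination the article describes, so the next step is to check which clients can reach it. A "reduced" verdict reflects the article's statement that the attack is harder, not impossible, without RDMA.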

Source: opennet.ru