Vatsvagiri kubva kuNCC Group mahara mapurojekiti odhita mhinduro , chaiyo-nguva yekushanda sisitimu (RTOS), ine chinangwa chekushongedza zvishandiso zvinoenderana neInternet yezvinhu pfungwa (IoT, Internet yezvinhu). Panguva yekuongorora zvakaratidzwa muZephyr uye 1 kusagadzikana muMCUboot. Zephyr iri kuvandudzwa nekutora chikamu kweIntel makambani.
Pakazara, 6 kusasimba kwakaonekwa mune network stack, 4 mu kernel, 2 mugomba rekuraira, 5 mune system yekufona vanobata, 5 mu USB subsystem uye 3 mune firmware update mechanism. Nyaya mbiri dzakatarwa dzakakosha, mbiri dzakakwirira, 9 dzine mwero, 9 dzakaderera, uye 4 ndedzekutariswa. Matambudziko akakosha anokanganisa iyo IPv4 stack uye iyo MQTT parser, ine njodzi inokanganisa USB misa chengetedzo uye USB DFU madhiraivha. Panguva yekuburitswa kweruzivo, zvigadziriso zvaive zvakagadzirirwa chete gumi neshanu zvekusagadzikana zvakanyanya; matambudziko anotungamira mukurambwa kwesevhisi kana ane chekuita nekukanganisa mune yekuwedzera kernel nzira dzekudzivirira dzinoramba dzisina kugadziriswa.
Kusagadzikana kuri kure kunoshandiswa kwakaratidzwa mupuratifomu IPv4 stack, iyo inotungamira kune huwori hwekurangarira kana uchigadzira ICMP mapaketi akagadziridzwa neimwe nzira. Rimwe dambudziko rakakomba rakawanikwa muMQTT protocol parser, iyo inokonzerwa nekushaikwa kwemusoro wemusoro wemunda kureba kutarisa uye kunogona kutungamirira kune kure kure kodhi. Kuramba kwakanyanya kwekuramba kwenyaya dzesevhisi kunowanikwa muIPv6 stack uye CoAP protocol kuita.
Mamwe matambudziko anogona kushandiswa munharaunda kukonzeresa kuramba sevhisi kana kodhi kuuraya padanho re kernel. Kuzhinji kwekusagadzikana uku kune hukama nekushaikwa kwekutarisa kwakaringana kwehurongwa hwekufona nharo, uye zvinogona kutungamira kunzvimbo dzekupokana dzekernel memory kunyorerwa uye kuverengerwa kubva. Matambudziko anowedzerawo kune iyo system yekufona kugadzirisa kodhi pachayo-kudaidza isina kunaka system yekufona nhamba inoguma nekuwanda kufashukira. Iyo kernel yakaratidzawo matambudziko mukuitwa kweASLR dziviriro (kero nzvimbo randomization) uye magadzirirwo ekuisa canary mamaki pane stack, zvichiita kuti nzira idzi dzisashande.
Matambudziko mazhinji anokanganisa USB stack uye madhiraivha ega. Semuenzaniso, matambudziko ari mu USB misa yekuchengetera anogona kukonzera buffer kufashukira uye kuita kodhi pane kernel level kana chishandiso chakabatana kune USB host inodzorwa neanorwisa. Kusagadzikana mu USB DFU, mutyairi wekurodha firmware nyowani kuburikidza ne USB, inobvumidza iwe kurodha yakagadziridzwa firmware mufananidzo mumukati weFlash weiyo microcontroller usingashandisi encryption uye nekupfuura yakachengeteka boot mode nekusimbisa kwezvikamu uchishandisa siginecha yedhijitari. Pamusoro pezvo, iyo yakavhurika bootloader kodhi yakadzidzwa , umo imwe yenign vulnerability yakawanikwa,
izvo zvinogona kutungamira kune buffer kufashukira kana uchishandisa iyo SMP (Simple Management Protocol) protocol pamusoro peUART.
Rangarira kuti muZephyr, imwe chete yepasi rose yakagovaniswa kero nzvimbo (SASOS, Single Kero Space Operating System) inopihwa kune ese maitiro. Kushandisa-chaiyo kodhi inosanganiswa neyekushandisa-yakatarwa kernel kuti igadzire monolithic inogoneka inogona kutakurwa uye kumhanya pane chaiyo hardware. Yese system zviwanikwa zvinotemerwa panguva yekuunganidza, kuderedza kodhi saizi uye kuwedzera kuita. Iyo sisitimu mufananidzo unogona kusanganisira iwo chete kernel maficha anodiwa kumhanyisa application.
Zvinokosha kuziva kuti pakati pezvakakosha zvakanakira Zephyr kukura nekuchengeteka mupfungwa. kuti nhanho dzese dzebudiriro dzinopinda matanho anosungirwa ekusimbisa kuchengetedzeka kwekodhi: kuyedza bvunzo, static ongororo, yekupinda bvunzo, kodhi yekuongorora, kuongororwa kweiyo backdoor kuita uye kutyisidzira modhi.
Source: opennet.ru