Checkpoint proposes the Safe-Linking protection mechanism, which makes vulnerabilities much harder to exploit

Checkpoint has introduced the Safe-Linking protection mechanism, which makes it harder to build exploits that rely on disclosing or tampering with the pointers to buffers allocated by calls to malloc. Safe-Linking does not completely rule out exploitation of a vulnerability, but it makes the creation of some classes of exploits considerably harder: besides an exploitable buffer overflow, the attacker also needs a second vulnerability that leaks information about where the heap is placed in memory.

Patches implementing Safe-Linking have been prepared for Glibc (ptmalloc), uClibc-NG (dlmalloc), gperftools (tcmalloc) and Google TCMalloc, and it has also been proposed as a security improvement for Chromium (since 2012 Chromium has had a built-in MaskPtr protection method aimed at the same problem, but the Checkpoint solution shows higher performance).
The proposed patches have already been accepted for the August release of glibc 3.32, where Safe-Linking is enabled by default. uClibc-NG support for Safe-Linking was included in release 1.0.33 and is enabled by default. The changes to gperftools (the old tcmalloc) were accepted, but will be offered as an option in a future release.

The developers of TCMalloc (the new tcmalloc) declined to accept the change, citing a significant performance drop and the need for extensive additional testing to verify that everything keeps working as expected. Testing by Checkpoint engineers showed that the Safe-Linking method causes no additional memory consumption, and that performance on heap-operation benchmarks drops by only 0.02% on average and by 1.5% in the worst case (for comparison, the overhead of the method used in Chromium is estimated at "under 2%"). Enabling Safe-Linking adds 2 to 3 extra assembly instructions executed on every free() call and 3 to 4 instructions on every malloc() call. No initialization step and no random-value generation step at startup are required.


Safe-Linking can be used not only to improve the security of different heap implementations, but also to add integrity checks to any data structure that uses singly linked lists whose pointers are stored next to the buffers themselves. The method is very simple to implement and only requires adding one macro and applying it to the pointer to the next block in the code (for example, for Glibc the change touches only a few lines of code). The method comes down to the following change:

+#define PROTECT_PTR(pos, ptr) \
+ ((__typeof (ptr)) (((((size_t) pos) >> 12) ^ ((size_t) ptr)))

+#define REVEAL_PTR(ptr) PROTECT_PTR (&ptr, ptr)

- inotevera = p-> fd;
+ nextp = REVEAL_PTR (p-> fd);
...
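Review bot: the PROTECT_PTR body is missing a closing parenthesis: `((__typeof (ptr)) (((((size_t) pos) >> 12) ^ ((size_t) ptr)))` opens one more `(` than it closes, so it will not compile as shown; one of the five `(` before `(size_t) pos` should be dropped. It is also worth a comment that REVEAL_PTR passes `&ptr` as the key location, so it must be applied to the stored field itself (`REVEAL_PTR (p-> fd)`, as in the last line) and not to a local copy of the pointer, otherwise the wrong key is used.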

The essence of the method is to use random data from the ASLR address-randomization mechanism (mmap_base) to protect linked lists such as Fast-Bins and TCache. Before a value is written into the pointer to the next element of the list, it is masked and its page alignment is checked. The pointer is replaced with the result of the operation "(L >> PAGE_SHIFT) XOR (P)", where P is the pointer value and L is the memory location in which the pointer is stored.


When ASLR (Address Space Layout Randomization) is in use, part of the bits of L contain random bits of the heap base address, and these serve as the key for encoding P (the low bits are dropped by a 12-bit shift, matching 4096-byte pages). This masking reduces the risk of pointer hijacking in an exploit, because the pointer is not stored in its original form and replacing it requires knowledge of the heap placement. In addition, the patch code includes an extra block alignment check, which does not let an attacker replace the pointer with an unaligned value and requires knowledge of the number of alignment bits; on 64-bit systems with 4096-byte pages this also blocks 15 out of 16 attack attempts that ignore alignment.

The method protects against attacks that use a partial pointer overwrite (changing the low bytes), a full pointer overwrite (redirecting to attacker-controlled code) and moving the list position to an unaligned address. As an example, it is shown that using Safe-Linking in malloc would have blocked exploitation of a vulnerability recently identified by the researchers, CVE-2020-6007 in the Philips Hue Bridge smart light, which is caused by a buffer overflow and allows taking control of the device.
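As an added illustration (not glibc's code and not part of the Checkpoint patch), the transform and alignment check described above applied to a toy singly linked free list; the names protect_ptr, reveal_ptr, fl_push, fl_pop, struct chunk and the pool array, and the assumed 4096-byte pages and 16-byte chunk alignment, are this example's own:

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
/* Constructed example of the Safe-Linking scheme, not glibc's code. Names (PAGE_SHIFT,
 * MIN_ALIGN, struct chunk, fl_*) and the 4096-byte page / 16-byte alignment assumptions are ours. */
#define PAGE_SHIFT 12
#define MIN_ALIGN  16
/* (L >> PAGE_SHIFT) XOR P, with L the slot holding the pointer and P the pointer. */
static uintptr_t protect_ptr(const void *pos, const void *ptr) {
    return ((uintptr_t)pos >> PAGE_SHIFT) ^ (uintptr_t)ptr;
}
/* Applying the same operation at the same slot gives P back. */
static void *reveal_ptr(const uintptr_t *slot) {
    return (void *)(((uintptr_t)slot >> PAGE_SHIFT) ^ *slot);
}
static bool aligned_ok(const void *p) { return ((uintptr_t)p & (MIN_ALIGN - 1)) == 0; }
/* A free chunk keeps its masked next pointer in its own body, as tcache/fastbins do. */
struct chunk { uintptr_t fd; unsigned char rest[MIN_ALIGN - sizeof(uintptr_t)]; };
static _Alignas(MIN_ALIGN) struct chunk pool[3];   /* constructed sample heap */
static void fl_push(struct chunk **head, struct chunk *c) {
    c->fd = protect_ptr(&c->fd, *head);   /* store the masked successor */
    *head = c;
}
/* Unmask the successor; a misaligned one means corruption (glibc aborts here). */
static struct chunk *fl_pop(struct chunk **head, bool *corrupt) {
    *corrupt = false;
    struct chunk *c = *head;
    if (!c) return NULL;
    struct chunk *next = reveal_ptr(&c->fd);
    if (!aligned_ok(next)) { *corrupt = true; return NULL; }
    *head = next;
    return c;
}
/* Normal use: LIFO order survives masking and unmasking. */
bool demo_roundtrip(void) {
    struct chunk *head = NULL; bool bad;
    for (int i = 0; i < 3; i++) fl_push(&head, &pool[i]);
    return fl_pop(&head, &bad) == &pool[2] && fl_pop(&head, &bad) == &pool[1]
        && fl_pop(&head, &bad) == &pool[0] && fl_pop(&head, &bad) == NULL && !bad;
}
/* Simulated corruption: a raw address written into fd without knowing L >> 12 decodes
 * to some other address, and a correctly masked but misaligned value is rejected. */
bool demo_detects_tamper(void) {
    struct chunk *head = NULL; bool bad;
    fl_push(&head, &pool[0]);
    void *target = &pool[1];
    pool[0].fd = (uintptr_t)target;                 /* overwrite without the key */
    bool redirected = reveal_ptr(&pool[0].fd) == target;
    pool[0].fd = protect_ptr(&pool[0].fd, (char *)target + 8);   /* misaligned */
    fl_pop(&head, &bad);
    return !redirected && bad;
}
```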

Source: opennet.ru
