Chikwata chevaongorori kubva kuYunivhesiti Yemahara yeAmsterdam yakaburitsa Kasper toolkit yakagadzirirwa kuona macode snippets muLinux kernel inogona kushandiswa kushandisa Specter-class kusagadzikana kunokonzerwa nekufungidzira kodhi kuuraya processor. Iyo kodhi kodhi yeturusikit yakagoverwa pasi peApache 2.0 rezinesi.
Ngatiyeukei kuti kuitira kuti tiite kurwisa kwakadai seSpecter v1, iyo inoita kuti zvikwanise kuona zviri mukati mendangariro, kuvapo mune yakasarudzika kodhi yeimwe kutevedzana kwemirairo (gadget) inodiwa, zvichitungamira kune kufungidzira kuurayiwa kwemirairo. . Nezvinangwa zvekugadzirisa, processor inotanga kuita gadget yakadaro nenzira yekufungidzira, yobva yaona kuti kufanotaura kwebazi hakuna kururamiswa uye kudzosera mashandiro kumamiriro avo ekutanga, asi iyo data yakagadziriswa panguva yekufungidzira inopera mu cache uye microarchitectural buffers uye. inowanikwa kuti itore kubva kwavari uchishandisa nzira dzakasiyana dzekutarisa zvakasara data kuburikidza nevechitatu-bato chiteshi.
Maturusi aimbovepo ekuongorora majejeti eiyo Specter vulnerability, zvichibva pakutsvaga mafambiro akajairika, yakaratidza huwandu hwakanyanya hwemanyepo, uku ichishaya akawanda chaiwo emagetsi (miedzo yakaratidza kuti 99% yemidziyo yakaonekwa nemidziyo yakadaro yaisagona kushandiswa pakurwisa. , uye 33% yezvigadzirwa zvekushanda zvinogona kutungamirira kukurwisa hazvina kuonekwa).
Kuti uvandudze hunhu hwekuona zvinonetsa magajeti, Kasper modhi kusavimbika uko munhu anorwisa anogona kushandisa padanho rega rega rekuita Specter kirasi kurwiswa - matambudziko anobvumira kudzora data anoteedzerwa (semuenzaniso, kutsiva data yeanorwisa kuita zvimiro zvidiki kuti zvikurudzire kunotevera kufungidzira kuuraya uchishandisa. Kurwiswa kwekirasi yeLVI), kuwana ruzivo rwekuvanzika (semuenzaniso, kana uchipfuura miganhu yebhafa kana kushandisa ndangariro mushure mekusunungurwa) uye kuburitsa ruzivo rwakavanzika (semuenzaniso, nekuongorora mamiriro e processor cache kana kushandisa iyo MDS nzira).
Paunenge uchiyedza, iyo kernel inobatanidzwa neKasper runtime raibhurari uye cheki ichimhanya padanho reLLVM. Maitiro ekutarisa anotevedzera fungidziro yekodhi kuuraya, inoshandiswa uchishandisa cheki-yekudzoreredza meshini, iyo inonyatso shandisa zvisizvo kufanotaurwa kodhi bazi, uye yobva yadzokera kumamiriro ekutanga bazi risati ratanga. Kasper anoyedzawo kutevedzera kwakasiyana-siyana software uye hardware kusadzikama, anoongorora mabatiro ezvivakwa uye microarchitectural mhedzisiro, uye anoita fuzz bvunzo yezvinobvira kurwisa zviito. Kuongorora mafambiro ekuuraya, chiteshi cheDataFlowSanitizer cheLinux kernel chinoshandiswa, uye pakuyedza kupusa, shanduro yakagadziridzwa yesyzkaller package inoshandiswa.
Iyo scan yeLinux kernel ichishandisa Kasper yakaratidza 1379 yaimbove isingazivikanwe magajeti ayo anogona kutungamira mukudonha kwedata panguva yekufungidzira kuita kwemirairo. Zvinocherechedzwa kuti zvimwe chete zvimwe zvacho zvinogona kuunza matambudziko chaiwo, asi kuratidza kuti kune njodzi chaiyo, uye kwete yekungofungira chete, prototype inoshanda yekubata yakagadziridzwa kune imwe yematambudziko ekodhi zvimedu zvinotungamira kune ruzivo. kubuda kubva ku kernel memory.
Source: opennet.ru