Boka revatsvagiri kubva kuTechnical University yeGraz (Austria), yaimbozivikanwa nekugadzira iyo MDS, NetSpectre, Throwhammer uye ZombieLoad kurwiswa, yakaburitsa nzira nyowani yekurwisa nzira (CVE-2021-3714) ichipokana neMemory-Deduplication mechanism. , iyo inobvumira kuona kuvepo kwemundangariro yeimwe data, kuronga byte-by-byte kuvuza kwemukati mendangariro, kana kuona ndangariro dhizaini yekunzvenga kero-based randomisation (ASLR) kudzivirira. Iyo nzira nyowani inosiyana neyakamboratidzwa misiyano yekurwiswa kweiyo deduplication meshini nekuita kurwisa kubva kune wekunze anogamuchira achishandisa sechiyero shanduko yenguva yekupindura kune zvikumbiro zvakatumirwa kune anorwisa kuburikidza neHTTP/1 uye HTTP/2 protocol. Iko kugona kuita kurwiswa kwakaratidzwa kumaseva akavakirwa paLinux neWindows.
Kurwiswa kwememory deduplication mechanism inoshandisa mutsauko munguva yekugadzirisa yekunyora mashandiro senzira yekuburitsa ruzivo mumamiriro ezvinhu apo shanduko yedata inotungamira mukuumbwa kweiyo deduplicated memory peji uchishandisa iyo Copy-On-Write (COW) mashandiro. . Panguva yekushanda, kernel inoona mapeji akafanana ekurangarira kubva kune akasiyana maitiro uye oabatanidza, achigadzira mapeji akafanana endangariro munzvimbo imwechete yekuyeuka kwemuviri kuchengeta kopi imwe chete. Kana imwe yemaitiro ichiedza kushandura data yakabatana nemapeji akadhindwa, kusarudzika (peji kukanganisa) kunoitika uye, uchishandisa iyo Copy-On-Write michina, kopi yakaparadzana yepeji yekurangarira inogadzirwa otomatiki, iyo inopihwa maitiro. Nguva yekuwedzera inopedzwa kupedzisa kopi, inogona kunge iri chiratidzo chekuchinja kwedata kuchikanganisa imwe nzira.
Vatsvakurudzi vakaratidza kuti kunonoka kunokonzerwa neCOW nzira inogona kutorwa kwete chete munharaunda, asiwo nekuongorora kuchinja kwekupindura nguva dzekupindura pane network. Nzira dzinoverengeka dzakarongwa dzekutarisa zviri mukati mendangariro kubva kune ari kure anogamuchira nekuongorora iyo nguva yekuitwa yekukumbira pamusoro peHTTP/1 uye HTTP/2 protocol. Kuti uchengetedze matemplate akasarudzwa, akajairika mawebhusaiti anoshandiswa anochengeta ruzivo rwakagamuchirwa muzvikumbiro mundangariro.
Iyo misimboti yekurwisa inodzika kusvika pakuzadza peji rendangariro pane sevha nedata rinogona kudzokorora zviri mukati mememory peji yagara iripo pane server. Anorwisa anobva amirira nguva inodiwa kuti kernel itore uye kubatanidza peji rendangariro, obva agadzirisa data rakadzorwa uye oongorora nguva yekupindura kuti aone kana kurova kwakabudirira.
Munguva yekuedza, ruzivo rwakanyanya rwekudonha ruzivo rwakanga rwuri 34.41 bytes paawa paunenge uchirwisa kuburikidza netiweki yepasi rose uye 302.16 bytes paawa paunenge uchirwisa kuburikidza netiweki yemunharaunda, iyo inokurumidza kupfuura dzimwe nzira dzekutora data kuburikidza nemigwagwa yechitatu (somuenzaniso, mukurwiswa kweNetSpecter, mwero wekuchinjisa data ndeye 7.5 bytes pane imwe o'clock).
Sarudzo nhatu dzekurwisa dzekushanda dzakakurudzirwa. Sarudzo yekutanga inokutendera kuti uone iyo data mundangariro yewebhu server inoshandisa Memcached. Kurwiswa kwacho kunosvika pakurodha mamwe seti yedata muMemcached chengetedzo, kubvisa iyo yakadhindwa block, kunyora zvakare chinhu chimwe chete uye kugadzira mamiriro ekukopa COW kuti aitike nekushandura zviri mukati me block. Munguva yekuyedza neMemcached, zvakakwanisika kuona mumasekonzi 166.51 vhezheni ye libc yakaiswa pane system inoshanda mumushini chaiwo.
Yechipiri sarudzo yakaita kuti zvikwanise kuwana zviri mukati meMariaDB DBMS, kana uchishandisa InnoDB kuchengetedza, nekudzokorora zvirimo byte byte. Kurwiswa kwacho kunoitwa nekutumira zvikumbiro zvakagadziridzwa, zvichikonzera kusawirirana-byte mumapeji endangariro uye kuongorora nguva yekupindura kuti vaone kuti fungidziro yezviri mukati mebhaiti yaive yechokwadi. Muyero wekudonha kwakadaro wakaderera uye unosvika 1.5 bytes paawa paunenge uchirwisa kubva kune network yenzvimbo. Kubatsira kweiyo nzira ndeyekuti inogona kushandiswa kudzoreredza zvisingazivikanwe ndangariro zvirimo.
Sarudzo yechitatu yakaita kuti zvikwanise kupfuura zvachose nzira yekudzivirira yeKASLR mumaminetsi mana uye kuwana ruzivo nezve memory offset yemuchina wechina kernel mufananidzo, mumamiriro ezvinhu apo kero yekubvisa iri mune yekurangarira peji umo imwe data isingachinji. Kurwiswa kwacho kwakaitwa kubva kune muenzi anowanikwa 4 hops kubva kune yakarwiswa system. Mienzaniso yekodhi yekushandisa kurwiswa kwakaratidzwa inovimbiswa kuburitswa paGitHub.
Source: opennet.ru