A group of researchers from Graz University of Technology (Austria), previously known for developing the MDS, NetSpectre, Throwhammer and ZombieLoad attacks, has published a new side-channel attack technique (CVE-2021-3714) against the memory deduplication mechanism. The attack makes it possible to determine whether specific data is present in memory, to organize a byte-by-byte memory leak, or to determine the memory layout in order to bypass address space layout randomization (ASLR). The new method differs from previously demonstrated attacks on the deduplication mechanism in that it is carried out from a remote host, using changes in the response times to requests sent by the attacker over the HTTP/1 and HTTP/2 protocols as the measurement signal. The feasibility of the attack has been demonstrated on Linux- and Windows-based servers.
The attack on the memory deduplication mechanism uses the difference in the processing time of a write operation as a channel for leaking information, in situations where a change to the data leads to the cloning of a deduplicated memory page by the copy-on-write (COW) mechanism. At runtime, the kernel detects identical memory pages in different processes and merges them, mapping the identical pages onto a single area of physical memory so that only one copy is kept. When one of the processes attempts to modify data belonging to a merged page, an exception (page fault) occurs and, via the copy-on-write mechanism, a separate copy of the memory page is automatically created and assigned to that process. The extra time spent completing the copy can serve as an indicator that data shared with another process has been modified.
The researchers showed that the delay introduced by the COW mechanism can be captured not only locally but also by analyzing changes in the delivery time of responses over the network. Several methods have been proposed for determining memory contents from a remote host by analyzing the execution time of requests over the HTTP/1 and HTTP/2 protocols. To place the chosen templates in memory, ordinary web applications that keep data received in requests in memory are used as the vehicle.
The general principle of the attack comes down to filling the server's memory with pages whose data may duplicate the contents of a memory page already present on the server. The attacker then waits for the kernel to deduplicate and merge the memory page, after which the attacker modifies the controlled duplicate data and evaluates the response time to judge the outcome: a noticeably slower response means the write triggered a COW copy, i.e. the page had been merged and the guessed contents therefore existed on the server, while a fast response means the page was never merged.
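The timing signal the attack relies on can be observed locally without KSM or a second process. The following is an added example (not code from the Graz researchers or from the article) that reproduces the mechanism described above and the decision rule from the last paragraph: a private anonymous page is first read, which makes the Linux kernel map the shared read-only zero page, analogous to a deduplicated page that is mapped read-only into every process; the first write then takes a COW fault (the kernel allocates and populates a private copy), while a second write to the now-private page does not. The function names (`measure_cow_timing`, `calibrate_threshold_ns`, `page_was_merged`), the 64-trial sample size and the midpoint threshold are assumptions chosen for this example; a remote attacker would apply the same rule to HTTP response times rather than to local `clock_gettime` readings.

```c
/* Added example: measure the copy-on-write page-fault latency that the
 * deduplication attack turns into a timing signal. Linux/POSIX only. */
#define _GNU_SOURCE
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <time.h>
#include <unistd.h>

#define TRIALS 64 /* assumed sample size; medians make the result robust to noise */

static uint64_t now_ns(void) {
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (uint64_t)ts.tv_sec * 1000000000ull + (uint64_t)ts.tv_nsec;
}

static int cmp_u64(const void *a, const void *b) {
    uint64_t x = *(const uint64_t *)a, y = *(const uint64_t *)b;
    return (x > y) - (x < y);
}

static uint64_t median_u64(uint64_t *v, size_t n) {
    qsort(v, n, sizeof *v, cmp_u64);
    return v[n / 2];
}

/* Time a single byte store; the volatile pointer keeps the compiler from
 * eliding or reordering the write. */
static uint64_t timed_write(volatile unsigned char *p, unsigned char val) {
    uint64_t t0 = now_ns();
    *p = val;
    return now_ns() - t0;
}

struct cow_timing {
    uint64_t cow_write_ns;   /* median latency of a write that triggers a COW fault */
    uint64_t plain_write_ns; /* median latency of a write to an already-private page */
};

/* For each trial: map one private anonymous page, read it (the kernel maps the
 * shared zero page read-only), time the first write (COW fault: a private copy
 * must be allocated and populated), then time a second write (no fault). */
struct cow_timing measure_cow_timing(void) {
    long pagesz = sysconf(_SC_PAGESIZE);
    uint64_t cow[TRIALS], plain[TRIALS];
    for (int i = 0; i < TRIALS; i++) {
        volatile unsigned char *p = mmap(NULL, (size_t)pagesz, PROT_READ | PROT_WRITE,
                                         MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
        if (p == MAP_FAILED) { perror("mmap"); exit(1); }
        unsigned char first = p[0];        /* read fault: shared read-only page */
        (void)first;
        cow[i] = timed_write(p, 0x41);     /* write fault: COW copy is made */
        plain[i] = timed_write(p, 0x42);   /* page is private now: no fault */
        munmap((void *)p, (size_t)pagesz);
    }
    struct cow_timing r = { median_u64(cow, TRIALS), median_u64(plain, TRIALS) };
    return r;
}

/* Assumed calibration: the midpoint between the two medians. A real attack
 * calibrates against a page known to be merged and one known to be private. */
uint64_t calibrate_threshold_ns(struct cow_timing t) {
    return (t.cow_write_ns + t.plain_write_ns) / 2;
}

/* The attacker's decision rule: a write slower than the threshold means the
 * page had been merged (deduplicated) and a COW copy was made. */
int page_was_merged(uint64_t write_ns, uint64_t threshold_ns) {
    return write_ns > threshold_ns;
}

int main(void) {
    struct cow_timing t = measure_cow_timing();
    uint64_t thr = calibrate_threshold_ns(t);
    printf("COW-fault write: %" PRIu64 " ns, plain write: %" PRIu64 " ns, "
           "threshold: %" PRIu64 " ns\n", t.cow_write_ns, t.plain_write_ns, thr);
    printf("first write classified as merged: %d, second as merged: %d\n",
           page_was_merged(t.cow_write_ns, thr), page_was_merged(t.plain_write_ns, thr));
    return 0;
}
```

Compile with `cc -O2 cow_timing.c -o cow_timing`. The COW write typically costs on the order of a microsecond, the plain write tens of nanoseconds; over the network this gap is what survives, buried in jitter, which is why the remote variants need many repetitions and reach only bytes per hour.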

During testing, the maximum information leakage rate was 34.41 bytes per hour when attacking over the Internet and 302.16 bytes per hour when attacking over a local network, which is faster than other methods of extracting data through side channels (for example, in the NetSpectre attack the data transfer rate is 7.5 bytes per hour).
Three working attack variants have been proposed. The first variant allows identifying data in the memory of web servers that use Memcached. The attack consists of loading specific data sets into the Memcached store, flushing the deduplicated block, writing the same element again, and creating the conditions for a COW copy by changing the contents of the block. In the Memcached experiment, it was possible to determine the libc version installed on a system running in a virtual machine in 166.51 seconds.
The second variant makes it possible to find out the contents of records in the MariaDB DBMS when the InnoDB storage engine is used, by reconstructing the contents byte by byte. The attack is carried out by sending specially crafted requests that cause a single-byte mismatch in memory pages, and analyzing the response time to determine whether the guess about the byte's value was correct. The rate of such a leak is low, amounting to 1.5 bytes per hour when attacking over a local network. The advantage of the method is that it can be used to recover memory contents that are not known in advance.
The third variant makes it possible to completely bypass the KASLR protection mechanism in 4 minutes and obtain the memory offset of the kernel image of a virtual machine, in the case where the offset address is located in a memory page whose other data does not change. The attack was carried out from a host located 14 network hops away from the attacked system. Example code for carrying out the described attacks is promised to be published on GitHub.
Source: opennet.ru
