Abathuthukisi bephrojekthi ye-Grsecurity indaba eyisixwayiso ebonisa ukuthi ukuqedwa ngokunganaki kwezixwayiso zomdidiyeli kungaholela kanjani ekubeni sengozini kukhodi. Ekupheleni kukaMeyi, ku-Linux kernel, kwahlongozwa ukulungiswa kwevekhtha entsha yokuxhashazwa kweSpecter sengozini ngocingo lwesistimu ye-ptrace.
Enqubweni yokuhlola isichibi, abathuthukisi baqaphele ukuthi lapho akha, umdidiyeli ubonisa isexwayiso mayelana nokuxuba ikhodi nezincazelo (isakhiwo sachazwa ngemva kwekhodi ngokunikeza inani kokuguquguqukayo okukhona):
inkomba ye-int = n;
uma (n < HBP_NUM) { index = array_index_nospec(index, HBP_NUM); struct perf_event *bp = thread->ptrace_bps[index];
U-Linus wamukele egatsheni lakho eliyinhloko, kusuka kusixwayiso ngokugoqa incazelo eguquguqukayo ku-if block:
uma (n < HBP_NUM) { int index = array_index_nospec(n, HBP_NUM); struct perf_event *bp = thread->ptrace_bps[index];
NgoJulayi, ukulungiswa kuphinde kwathunyelwa emagatsheni e-kernel 4.4, 4.9, 4.14, 4.19, kanye no-5.2 ezinzile. Abanakekeli abazinzile nabo bahlangabezane nesixwayiso, futhi esikhundleni sokubheka ukuthi sase silungisiwe yini egatsheni eliyinhloko lika-Linus, bazichibiyela bona. Inkinga ukuthi, ngaphandle kokucabanga okuningi, nje ukuchazwa kwesakhiwo phezulu, ukuze ikholi eya ku-array_index_nospec, ehlinzeka ngokuqondile ngokuvikeleka ebungozini, ingabe isasetshenziswa encazelweni yesakhiwo, futhi esikhundleni sokuguquguquka kwe-"index", okuguquguqukayo kuka-"n" kwakuhlala kusetshenziswa:
inkomba ye-int = n;
uma (n < HBP_NUM ){ struct perf_event *bp = thread->ptrace_bps[index];
inkomba = uhlu_inkomba_nospec(inkomba, HBP_NUM);
Source: opennet.ru