A method is proposed for remotely extracting fragments of server memory

A team of researchers from Graz University of Technology (TU Graz, Austria), previously known for developing the MDS, NetSpectre, Throwhammer and ZombieLoad attacks, has published a new side-channel attack (CVE-2021-3714) on the memory deduplication mechanism. The attack makes it possible to determine whether particular data is present in memory, to leak memory contents byte by byte, or to learn the memory layout in order to bypass address space layout randomization (ASLR). The new method differs from previously demonstrated deduplication attacks in that it is carried out from an external host, using the change in response time of requests sent by the attacker over HTTP/1 and HTTP/2 as the signal. The attack was demonstrated against servers running Linux and Windows.

Memory deduplication attacks use the difference in the time taken by a write operation as a channel for leaking information, in situations where modifying data forces a deduplicated memory page to be cloned by the copy-on-write (COW) mechanism. At runtime the kernel (KSM, Kernel Samepage Merging, on Linux) finds memory pages with identical contents belonging to different processes and merges them, mapping the identical pages onto a single region of physical memory so that only one copy is kept. When one of the processes later tries to modify data in a merged page, an exception (page fault) occurs and, under copy-on-write, a separate copy of the page is automatically created and assigned to that process. The extra time spent on the copy betrays that the modified data was shared with another process, that is, that identical data was present elsewhere in memory.

The researchers showed that the delay introduced by the COW mechanism can be observed not only locally but also by analysing changes in response delivery times over the network. Several methods are proposed for determining memory contents from a remote host by analysing the processing time of requests made over HTTP/1 and HTTP/2. To place chosen patterns in server memory, the attack relies on ordinary web applications that keep data received in requests in memory.

The general principle of the attack is to fill a memory page on the server with data that may duplicate the contents of a page already present on the server. The attacker waits long enough for the kernel to deduplicate and merge the page, then modifies the controlled duplicate and measures the response time to find out whether the guess was correct. Because a single copy-on-write fault adds only a small delay compared with network jitter, each measurement is repeated and compared statistically against a baseline taken for a page known to be unique.


In the experiments the maximum leakage rate was 34.41 bytes per hour when attacking over the Internet and 302.16 bytes per hour when attacking over a local network, which is considerably faster than other side-channel data extraction methods (for comparison, the NetSpectre attack reaches a transfer rate of 7.5 bytes per hour).

Three attack variants are proposed. The first makes it possible to determine data in the memory of a web server that uses Memcached. The attack consists of loading specific data sets into the Memcached store, deleting the deduplicated block, rewriting the same item and creating the conditions for a COW copy by modifying the contents of the block. In the Memcached experiment it took 166.51 seconds to determine the version of libc installed on a system running in a virtual machine.

The second variant makes it possible to learn the contents of records in the MariaDB DBMS when the InnoDB storage engine is used, reconstructing their contents byte by byte. The attack is carried out by sending specially crafted requests that produce a single-byte difference between memory pages and analysing the response time to determine whether the guess for that byte was correct. The rate of such a leak is low, 1.5 bytes per hour when attacking over a local network. The advantage of the method is that it can recover the contents of memory that is not known in advance, whereas the first variant only confirms the presence of a page whose contents the attacker already knows.
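The measurement and decision logic shared by the first two variants (the known-page check and the byte-by-byte leak), as an added example written for this article rather than the researchers' published code. The network, the wait for the deduplication scanner and the server-side write are replaced by a constructed simulator (SimulatedTarget); a real probe would issue the HTTP requests against the target and time the responses. The page layouts, the timing constants, the sample secret and the names probe, fingerprint and recover_bytes are assumptions chosen for the demonstration. For the byte-by-byte variant the simulator is modelled as already exposing, at each step, a page in which exactly one more byte of the secret is unknown, which is the situation the single-byte difference described above relies on; the shifting of the record that produces it is not simulated.

```python
# Added example: decision logic of a remote memory-deduplication attack.
# Illustrative code written for this article, not the researchers' tooling.
# SimulatedTarget, the page layouts and the timing constants are assumptions.
import os
import random
import statistics
from typing import Callable, Dict, Iterable, List, Tuple

PAGE_SIZE = 4096  # deduplication merges whole pages: a candidate must match all 4 KiB

# A probe stores the candidate page on the server, waits for the scanner,
# triggers a write into it and returns the measured response time in seconds.
Probe = Callable[[bytes], float]


class SimulatedTarget:
    """Constructed stand-in for the victim server (no network is used).

    `resident` holds the page contents that exist in the server's memory.
    probe() returns a plausible response time: the normal round trip plus
    Gaussian jitter, plus an extra delay when the candidate page was merged
    with a resident page, because the write then takes a copy-on-write fault.
    """

    def __init__(self, resident: Iterable[bytes], rtt: float = 0.010,
                 jitter: float = 0.0003, cow_delay: float = 0.003, seed: int = 7):
        self.resident = set(resident)
        self.rtt, self.jitter, self.cow_delay = rtt, jitter, cow_delay
        self.rng = random.Random(seed)
        self.requests = 0  # number of simulated HTTP requests, i.e. attack cost

    def probe(self, page: bytes) -> float:
        self.requests += 1
        t = self.rtt + self.rng.gauss(0.0, self.jitter)
        if page in self.resident:
            t += self.cow_delay  # merged page: write faults and is copied first
        return max(t, 0.0)


def median_time(probe: Probe, page: bytes, repeats: int) -> float:
    """Median of repeated measurements; suppresses jitter that, over a WAN,
    is far larger than a single page fault."""
    return statistics.median(probe(page) for _ in range(repeats))


def baseline_time(probe: Probe, repeats: int) -> float:
    """Timing for a page that cannot exist anywhere else (fresh random bytes)."""
    return median_time(probe, os.urandom(PAGE_SIZE), repeats)


def is_resident(probe: Probe, page: bytes, baseline: float, threshold: float,
                repeats: int = 5) -> bool:
    """Oracle for one candidate page: was it merged with an existing page?"""
    return median_time(probe, page, repeats) - baseline >= threshold


def fingerprint(probe: Probe, candidates: Dict[str, bytes], baseline: float,
                threshold: float) -> List[str]:
    """Variant 1: report which of several known pages are present in memory
    (the article's Memcached case tests pages from different libc builds)."""
    return [name for name, page in candidates.items()
            if is_resident(probe, page, baseline, threshold)]


def recover_bytes(probe: Probe, template: Callable[[bytes], bytes], known: bytes,
                  count: int, baseline: float, threshold: float,
                  repeats: int = 5) -> bytes:
    """Variant 2: byte-by-byte leak. `template(prefix)` renders the page exactly
    as the server lays it out with the already-known bytes in place, so only the
    last byte is unknown; the guess whose page collides is the next secret byte.
    Stops as soon as no guess collides instead of appending a wrong byte."""
    secret = bytearray(known)
    for _ in range(count):
        timings = {g: median_time(probe, template(bytes(secret) + bytes([g])), repeats)
                   for g in range(256)}
        best = max(timings, key=timings.get)
        if timings[best] - baseline < threshold:
            break
        secret.append(best)
    return bytes(secret)


def tail_page(data: bytes) -> bytes:
    """Constructed layout: attacker-known filler, then `data` ending exactly at
    the page boundary, so each step exposes one more unknown byte."""
    return data.rjust(PAGE_SIZE, b"\0")


def run_demo() -> Tuple[List[str], bytes, int]:
    libc_pages = {v: tail_page(b"constructed libc banner " + v.encode())
                  for v in ("2.27", "2.31", "2.35")}
    secret = b"s3cr"  # constructed record value the attacker wants to leak
    exposed = [tail_page(secret[:k]) for k in range(1, len(secret) + 1)]
    target = SimulatedTarget([libc_pages["2.31"], *exposed])
    threshold = 0.0015  # half the COW delay; in practice taken from a calibration run
    baseline = baseline_time(target.probe, repeats=5)
    found = fingerprint(target.probe, libc_pages, baseline, threshold)
    leaked = recover_bytes(target.probe, tail_page, b"", 8, baseline, threshold)
    return found, leaked, target.requests


if __name__ == "__main__":
    found, leaked, cost = run_demo()
    print(f"resident libc page: {found}, leaked record: {leaked!r}, requests: {cost}")
```

The cost counter is the point to watch: even in this idealised model each recovered byte costs 256 guesses times the number of repetitions, and a real attacker must additionally wait for the deduplication scanner after every store, which is why the rates reported in the article are measured in bytes per hour.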

The third variant makes it possible to completely bypass the KASLR protection mechanism in 4 minutes and obtain the offset at which the virtual machine's kernel image is loaded in memory, in the situation where the address containing that offset sits on a memory page whose other contents do not change. This attack was carried out from a host 14 network hops away from the target system. Example code implementing the presented attacks is promised to be published on GitHub.

Source: opennet.ru
