Researchers disclose an attack that allows remote detection of memory fragments

A group of researchers from the Graz University of Technology (Austria), previously known for developing the MDS, NetSpecter, Throwhammer and ZombieLoad attacks, disclosed a few days ago a new attack method (CVE-2021-3714) that uses side channels in the memory page deduplication mechanism to determine the presence of certain data in memory, to leak memory contents byte by byte, or to determine the memory layout in order to bypass protection based on address randomization (ASLR).

The new method differs from previously demonstrated variants of attacks on the deduplication mechanism in that it is carried out from an external host, using as its criterion the change in response time to requests sent by the attacker over the HTTP/1 and HTTP/2 protocols. The attack was demonstrated on Linux and Windows servers.

Memory deduplication attacks exploit the difference in the processing time of a write operation as an information leak channel in situations where a data change leads to the cloning of a deduplicated memory page through the copy-on-write (COW) mechanism.

During operation, the kernel identifies identical memory pages belonging to different processes and merges them, mapping the identical pages to a single area of physical memory so that only one copy is stored. When one of the processes tries to change the data associated with deduplicated pages, an exception (page fault) is raised and, through the copy-on-write mechanism, a separate copy of the memory page is created automatically and assigned to that process. Making the copy takes additional time, which can be a sign that the data change overlaps with another process.

The researchers showed that the delays caused by the COW mechanism can be captured not only locally, but also by analyzing changes in the delivery time of responses over the network.
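A host-side check for whether a Linux server currently has merged pages that can produce these copy-on-write delays, added here as an example and not taken from the researchers' work. It assumes the deduplication mechanism is KSM (Kernel Samepage Merging, controlled under `/sys/kernel/mm/ksm`), which the article does not name; the function names and the sample `smaps` text are constructed for illustration.

```python
import os

KSM_DIR = "/sys/kernel/mm/ksm"  # Linux KSM sysfs control directory

# Constructed sample of /proc/<pid>/smaps: one mergeable mapping, one not.
SAMPLE_SMAPS = """\
7f1c2a400000-7f1c2a600000 rw-p 00000000 00:00 0
Size:               2048 kB
VmFlags: rd wr mr mw me ac mg sd
55d0c1a00000-55d0c1a21000 rw-p 00000000 00:00 0                          [heap]
Size:                132 kB
VmFlags: rd wr mr mw me ac sd
"""

def read_ksm_state(ksm_dir=KSM_DIR):
    """Return the KSM counters as ints, or None when KSM is not available."""
    state = {}
    for name in ("run", "pages_shared", "pages_sharing"):
        try:
            with open(os.path.join(ksm_dir, name)) as fh:
                state[name] = int(fh.read().strip())
        except (OSError, ValueError):
            return None
    return state

def mergeable_mappings(smaps_text):
    """Return mapping headers whose VmFlags include 'mg' (MADV_MERGEABLE)."""
    found, header = [], None
    for line in smaps_text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if "-" in fields[0] and not fields[0].endswith(":"):
            header = " ".join(fields)  # "start-end perms offset dev inode [path]"
        elif fields[0] == "VmFlags:" and "mg" in fields[1:] and header:
            found.append(header)
    return found

def assess(state):
    """Classify exposure to the copy-on-write timing channel."""
    if state is None:
        return "no-ksm"
    if state["pages_sharing"] > 0:
        # run=0 stops ksmd but keeps merged pages, so COW faults still occur;
        # only writing 2 to 'run' unmerges them.
        return "dedup-active" if state["run"] == 1 else "merged-pages-remain"
    return "scanning-no-merges" if state["run"] == 1 else "off"

if __name__ == "__main__":
    print(assess(read_ksm_state()), mergeable_mappings(SAMPLE_SMAPS))
```

A result of `merged-pages-remain` is the case that is easy to miss: stopping KSM with `run=0` leaves already-merged pages shared, so the timing difference persists until they are unmerged.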

With this knowledge, the researchers proposed several methods for determining the memory contents of a remote host by analyzing the execution time of requests over the HTTP/1 and HTTP/2 protocols. To store the chosen templates, they use common web applications that keep information received in requests in memory.

The general principle of the attack boils down to filling a memory page on the server with data that potentially repeats the content of a memory page already present on the server. The attacker then waits for the time the kernel needs to deduplicate and merge the memory page, modifies the controlled duplicate data, and evaluates the response time to determine whether the guess was successful.

During the experiments, the maximum information leak rate was 34.41 bytes per hour for an attack over the WAN and 302.16 bytes per hour for an attack over a local network, which is faster than others (for example, in the NetSpecter attack the data transfer rate is 7.5 bytes per hour).

Three working variants of the attack are proposed:

  1. The first variant makes it possible to determine data in the memory of a web server where Memcached is used. The attack boils down to loading certain sets of data into Memcached storage, deleting the deduplicated block, writing the same item again, and creating the conditions for a COW copy to occur when the contents of the block change.
  2. The second variant makes it possible to learn the contents of records in the MariaDB DBMS, when the InnoDB storage engine is used, by recreating the contents byte by byte. The attack is carried out by sending specially modified requests, producing single-byte mismatches in memory pages, and analyzing the response time to determine whether the guess about the content of the byte was correct. The rate of such a leak is low and amounts to 1.5 bytes per hour when attacking from a local network.
  3. The third variant makes it possible to completely bypass the KASLR protection mechanism in 4 minutes and obtain information about the offset in memory of the virtual machine's kernel image, in a situation where the offset address is in a memory page in which the other data does not change.

Finally, if you are interested in knowing more about it, you can check the details in the following link.

