Chinenge chikamu chechina che Android 13 yakanyorwa muRust

Rust Android 13

Android 13 ndiyo yekutanga vhezheni yeAroid uko yakawanda yekodhi nyowani yakawedzerwa kune iyo vhezheni iri mumutauro wakachengeteka mundangariro.

Kuburikidza ne blog post, Google mainjiniya akaburitsa pfupiso yemhedzisiro yekutanga yesumo Rust kusimudzira rutsigiro pa Android.

Android 13, inenge 21% yekodhi itsva yakagadzirwa Iyo yakaunganidzwa yakanyorwa muRust uye 79% muC/C++, iri AOSP (Android Open Source Project) repository, iyo inovandudza kodhi kodhi yepuratifomu yeAroid, ine mitsara inosvika miriyoni 1,5 yeRust kodhi.

Iyo kodhi yakapihwa neAOSP ine hukama nemidziyo mitsva senge Keystore2 cryptographic keystore, iyo stack yeUWB (Ultra-Wideband) machipi, kuitiswa kweiyo DNS protocol pamusoro peHTTP3, AVF virtualization framework (Android Virtualization Framework), kuyedza stacks yeBluetooth neWi-Fi.

Mumutsara nehurongwa hwakatorwa pamusoro kuderedza njodzi yekukanganisa ndangariro, Kusvika ikozvino Rust yakashandiswa zvakanyanya pakuvandudza kodhi nyowani uye zvishoma nezvishoma kusimbisa kuchengetedzwa kweakanyanya kutambudzika uye akakosha software zvikamu.

Sezvo huwandu hweiyo nyowani-isina chengetedzo kodhi yekupinda Android yadzikira, huwandu hwekuyeuka kuchengetedzwa kwekuchengetedza hwadzikira zvakare. Kubva 2019 kusvika 2022, yakadzikira kubva pa76% kusvika 35% yekuzara kweAroid kusagadzikana. 2022 inocherekedza gore rekutanga kuti ndangariro kuchengetedzwa kusazvidavirira kune ruzhinji rwekusagadzikana kwe Android.

Chinangwa chese chekufambisa chikuva cheRust hachina kuiswa, uye kodhi yekare inoramba iri muC / C ++, uye kurwisa mabhugi mairi kunoitwa nekushandisa fuzzing bvunzo, static kuongororwa, uye kushandiswa kwemaitiro akafanana. kushandiswa kwerudzi rweMiraclePtr (kusunga pamusoro pekunongedza, iyo inoita yekuwedzera macheki ekuwana yakasunungurwa nzvimbo dzekurangarira), iyo Scudo memory allocation system (yakachengeteka kutsiva malloc / yemahara) uye nzira dzekuona kukanganisa paunenge uchishanda neHWAsan (Hardware Assisted AddressSanitizer) memory , GWP-ASAN uye KFENCE.

Pamusoro pehuwandu hwemhando ye kushomeka pa Android papuratifomu, zvinoonekwa kuti se inoderedza huwandu hwekodhi nyowani inoshanda nendangariro munzira dzisina kuchengeteka, inoderedzawo kuwanda kwekusagadzikana kunokonzerwa nezvikanganiso kana uchishanda nendangariro.

Semuyenzaniso, chikamu chekusagadzikana kwakakonzerwa nenyaya dzekurangarira kwakadzikira kubva pa76% muna 2019 kusvika pa35% muna 2022. Munhamba dzakakwana, 223 ndangariro dzakaonekwa muna 2019, zana muna 150, zana muna 2020, uye 100. havana kuwanikwa). 2021 raive gore rekutanga kuti kusagadzikana kwakabatana nendangariro kwakamira kutonga.

Parizvino, hapana kukanganisa kwekuchengetedza ndangariro kwakawanikwa mu Android Rust kodhi.

Isu hatitarisire iyo nhamba kuti igare pa zero zvachose, asi kupihwa huwandu hweiyo Rust kodhi nyowani mumavhezheni maviri eAroid uye zvinhu zvinodzivirira kuchengetedza kwainoshandiswa, mhedzisiro yakakosha. Zvinoratidza kuti Rust iri kushanda chinangwa chayo chekudzivirira iyo inonyanya kuzivikanwa sosi yekusagadzikana kweAndroid.

Kubvira zvikanganiso zvine chokuita nendangariro zvinowanzova zvine ngozi zvikuru, huwandu hwehuwandu hunoratidzawo kuderera kwehuwandu hwezvinhu zvakakosha uye nyaya dzinogona kushandiswa kure. Panguva imwecheteyo, masimba ekuonekwa kwehutera husina hukama nekushanda nendangariro anga ari padanho rakafanana kwemakore mana apfuura - 4 vulnerabilities pamwedzi.

Huyero yenyaya dzine njodzi kune kusasimba kunokonzerwa nekukanganisa kwendangariro kwakafanana (asi sezvo huwandu hwekusagadzikana hunodzikira, huwandu hwematambudziko ane njodzi hunodzikirawo).

Iwo manhamba anoteedzerawo kuwirirana pakati pehuwandu hwekodhi nyowani inoshanda nendangariro nenzira isina kuchengeteka uye huwandu hwekusagadzikana kwakabatana nendangariro (buffer mafashama, kuwana kune yakatosunungurwa ndangariro, nezvimwewo).

Kucherechedza uku simbisa fungidziro ye kuti kutarisisa kukuru mu kushandiswa kwemaitiro akachengeteka ekuronga inofanirwa kupihwa kune nyowani kodhi uye kwete kunyora zvakare iripo, sezvo mazhinji ekusagadzikana akaonekwa ari mukodhi nyowani.

mabviro: https://security.googleblog.com/


Iva wekutanga kutaura

Siya yako yekutaura

Your kero e havazobvumirwi ichibudiswa. Raida minda anozivikanwa ne *

*

*

  1. Inotarisira data: AB Internet Networks 2008 SL
  2. Chinangwa cheiyo data: Kudzora SPAM, manejimendi manejimendi.
  3. Legitimation: Kubvuma kwako
  4. Kutaurirana kwedata
  5. Dhata yekuchengetedza: Dhatabhesi inobatwa neOccentus Networks (EU)
  6. Kodzero: Panguva ipi neipi iwe unogona kudzora, kupora uye kudzima ruzivo rwako