freenode/#sicl - IRC Chatlog
9:08:25
frodef
This is how far the linux kernel goes to avoid simple indirect calls: https://www.usenix.org/system/files/atc19-amit.pdf
9:20:33
heisig
Do I understand correctly that most problems related to Spectre are because people want to execute closed-source software from dubious sources on their machines?
9:21:36
no-defun-allowed
You apparently can do it with JavaScript code. It depends if you think the Web is a dubious source...
9:23:19
no-defun-allowed
My policy of disallowing arbitrary network writes with Netfarm hopefully avoids making such an attack useful.
9:24:09
no-defun-allowed
Then you'd have to communicate the data you stole by retrieving objects somehow, and you can't create arbitrary references, so how would you encode anything? Maybe there's a way.
9:27:09
heisig
I just want to make sure that we don't try to solve a social problem (trustworthiness in the digital age) by technical means (retpoline, ...).
9:28:21
heisig
And yes, I consider the web a dubious source. At least while we don't have a reliable infrastructure for managing trustworthiness.
9:29:31
no-defun-allowed
On the other hand, how do you convince a JavaScript engine to generate code to speculatively execute bad code?
9:30:07
no-defun-allowed
Those tend to invent a new kind of exploit every year, or can you do it in correct JS?
9:34:13
no-defun-allowed
(But my approach is pretty mundane, compared to the emerging "alternative" of making one's computer a troff + VT100 emulator.)
9:34:42
heisig
no-defun-allowed: If you allow for arbitrary JavaScript code, the question is more like 'Can you prove that there is no program for which your compiler will ever emit bad code'.
9:35:14
no-defun-allowed
Indeed. I'm now wondering if you can do it without exploiting the compiler though.
9:35:15
heisig
I'm willing to bet the answer to that will always be zero (Unless your compiler is severely restricted).
9:37:02
heisig
shka_: If that were the case, our top computer scientists wouldn't be fighting for us to keep using paper ballots.
9:42:22
beach
Especially since the computer that manages the motherboard is apparently totally insecure.
9:47:38
heisig
But the scariest part is that most people are not ashamed of carrying such crap devices in their pockets.
9:48:07
frodef
Seems to me that Spectre shows that securely running untrusted code in any shape or form is very very difficult.
9:51:07
shka_
frodef: more generally speaking, i would say that "hardware security guarantees" is a flawed concept
10:00:09
beach
I also read an article about how easy it is to install a trap door in a chip immediately before manufacturing, so that not even the chip designer (who will of course outsource the manufacturing to China) knows about it. It would be some simple thing that enables supervisor mode or something like that.
10:01:20
beach
Anyway, I think we have made a mess of our computing environment(s), just as we did with the natural one.
10:18:26
ebrasca
beach: if cpu does have encryption modules inside, does it help against "trap doors"?
10:18:51
no-defun-allowed
There are those "trusted modules" already, but I always wondered how trustable they are.
10:21:42
jackdaniel
I'm sure that hardware companies with roots in USA are very trustworthy, they even have a national agency that ensures the security ;)
10:22:27
jackdaniel
(not to mention that they in fact manufacture in China - another country with high moral standards when it comes to transparency)
10:23:36
beach
ebrasca: I doubt it. There is a bit that tells whether the processor is in supervisor mode. Apparently, it is enough to hook up a capacitor to it. Then it can be enabled by a certain sequence of instructions.
10:26:00
beach
ebrasca: Friendly advice: You should work on your English. It is easy to take people less seriously if they make lots of mistakes.
10:32:06
ebrasca
beach: I am interested in this part "A conforming implementation is free to accommodate other file system features in its pathname representation and provides a parser that can process such specifications in namestrings.".
11:07:58
frodef
The Spectre attack is quite interesting from a runtime perspective. Also the implied focus on indirect branch speed/optimization.
11:12:31
beach
By "from a runtime perspective", do you mean "from the perspective of designing a `runtime' for some language implementation"? Or just "runtime" in general?
11:21:28
pjb
I thought that most problems related to Spectre were that they thought that more money was to be made from extortion and blackmailing (along with slicing spies in two), than by honest capitalist means.
11:31:22
frodef
from a security standpoint, it reveals a flaw in the idea that one can really isolate code by the semi-virtual machine that is "userspace".
11:32:32
frodef
...although this even appears in pure javascript as soon as one isn't very careful about the primitives being made available.
11:34:16
frodef
(the existence of javascript "worker threads" yields high-resolution timers that can be used to extract secret information.)
11:36:10
heisig
My preferred approach to security is to know the developers that wrote my software, to a degree that I could locate them and hit them with a stick.
11:36:31
jackdaniel
OK, then here it goes (sorry heisig!) -- just add arbitrary delays to each operation, i.e. (1+ heisig) ; that is 25 nanoseconds
11:36:33
pjb
well, when you see all the side channels that can be exploited for data exfiltration even in air-gapped computers...
11:39:30
pjb
Look at that for example: https://www.securityweek.com/ram-generated-wi-fi-signals-allow-data-exfiltration-air-gapped-systems
11:44:29
frodef
pjb: That seems like a force that could be used for good: Implement wifi without wifi hardware :)
11:59:22
pjb
frodef: theoretically. But in practice, there's energy management problems. It's good when you have receiver hardware that can detect low power (RAM level) wifi…
12:00:47
pjb
The thing in this use case, is to be able to transmit data even weakly, using any (limited) resource at hand, but it doesn't restrict the resources you can use to listen to it. You can have a truck of instruments in the road near the building…
12:01:38
frodef
pjb: so you can have a special device in your pocket, run your "special program" on location, and have everything downloading without plugging in a pendrive or anything. Or a truck outside..
15:51:25
splittist
Oh no - I have McCLIM working on my (Windows) development machine (from Docker)! There goes any chance of progress...
15:57:41
jackdaniel
"[and] it is derived from the Ancient Greek words 'chronos' and 'phage', meaning 'time-eater'.", nice