freenode/lisp - IRC Chatlog
21:01:51
jmercouris
are there any exploits in any of the common implementations? how are these handled?
21:16:38
pjb
On the other hand, we're not a prized target. Too much work for too few systems to crack…
21:22:18
sjl_
Quicklisp wants to be a one-file install, without requiring something like OpenSSL or curl be installed on the machine
21:22:52
sjl_
So the options are either 1. Implement an SSL in pure CL. 2. FFI out to some system SSL lib. 3. Not use SSL at all.
21:23:38
sjl_
I think Xach is planning on option 3, by implementing some kind of cryptographic checksum algo in pure CL (which is *much* easier than implementing full TLS) and then validating the packages downloaded to be able to tell if they've been tampered with on the way
21:24:18
sjl_
VPN doesn't help you if the "middle" in "man in the middle attack" is between your VPN endpoint and the Quicklisp servers
21:25:24
sjl_
You can also set up an HTTP proxy and tell quicklisp to use it (the quicklisp servers actually already support ssl), but last time I tried that I couldn't get it working for some reason. I can't remember why.
21:27:26
sjl_
There's also https://github.com/slime/slime/issues/286 / https://github.com/slime/slime/issues/511 which the slime people probably won't fix unless someone exploits it on their machine
21:29:00
Xach
The quicklisp installer file (quicklisp.lisp) includes an openpgp key and openpgp key signature verifier. it's used to verify fetching the rest of the client. the client includes code to check the sha256 checksum of downloaded archives.
21:29:09
sjl_
Then pay some cryptographers to audit it, etc etc. Checksumming is almost certainly *far* more practical.
21:29:17
Xach
this scheme is not deployed yet. i am still thinking about key management and expiry and stuff.
21:29:21
jmercouris
sjl_: I know about the slime issue with local attackers, but I don't see how that's even an issue really
21:29:44
sjl_
jmercouris: someone is already on your machine -> every web page running javascript ever
21:29:57
Xach
Sometimes I feel like just pushing it out and fixing problems as they come, sometimes I feel like I should test more
21:30:19
sjl_
Xach: can we volunteer to be guinea pigs by downloading a special version of quicklisp?
21:31:08
jmercouris
I don't know, it isn't my software, however I wouldn't feel comfortable making releases on such a critical piece of software without very thorough tests
21:31:57
Xach
sjl_: I did that a while ago and the results were promising, but some of the infrastructure to make it work is not set up - recent releases don't have the checksums published and signed.
21:33:51
jmercouris
sjl_: Why does OpenSSL need 550k lines of code? what is it doing that is so complex?
21:35:09
jmercouris
for example, how could one have written test suites for the exploits on intel chips?
21:43:00
Xach
There are issues involved with implementing eavesdrop-proof communication that are different from implementing signature/checksum verification.
21:43:19
Xach
Maybe it's possible and worthwhile in CL but it is not something that interests me due to my impression of the difficulty.
21:44:28
sjl_
A better comparison might be Go's TLS implementation, which is ~13k lines of code. If you're Google, you can throw money at cryptographers and security engineers to write/audit a TLS library for your language.
21:44:47
sjl_
But in a smaller community without piles of money, that's probably not going to happen.
21:45:27
sjl_
It's much, *much* easier to implement a single checksum algorithm than even a decent subset of TLS.
21:45:36
Xach
I am always on board for implementing something in CL even if it's slower or clunkier because I love to avoid FFI.
21:46:15
sjl_
Checksum is probably the wrong word. You get the initial Quicklisp installer over https, which includes Xach's public key
21:48:00
jmercouris
so the question is, if we can verify a library is what it says it is, what is the advantage of having HTTPS support?
21:49:11
Xach
In my ideal world each CL implementation would provide the right stuff to make secure connections on all supported platforms.
21:49:53
jmercouris
last question, your above statement implies some implementations provide support for secure connections
21:49:54
Xach
If all implementations that Quicklisp supports also supported secure communication, things would be done by now.
21:56:42
jgkamat
sjl_: I'm actually planning to write an exploit for that slime issue at some point, chrome has some raw TCP apis exposed to js and I want to give that a shot. I'm super busy though so not sure when I'll get a chance to work on that
21:57:24
sjl_
As long as you're nice and present it as a proof-of-concept, and don't actually exploit anyone's machine, that would be valuable.
5:41:53
gabbiel
Hey guys, I'm trying to create these 2 macros called "synonymize-macro" and "synonymize-function"
5:43:03
gabbiel
I'm trying to really make it a synonym, i.e. have the new synonyms inherit documentation and arglists
5:44:20
gabbiel
I thought of using trivial-args, and then processing the return value of the arglist function in the trivial-args package
5:44:25
no-defun-allowed
eg (setf (fdefinition 'bar) (fdefinition 'foo)) worked here, copied function and documentation
5:55:25
gabbiel
on a similar note, I also have a macro called funmacro, which turns a function into a macro
5:59:29
gabbiel
sounds dumb, but I have this function I use for my hobby which uses only lists and it's annoying to have to quote a bunch of lists
6:01:37
gabbiel
I also wrote a macro "nq" which doesn't define anything, but calls a function with args quoted, maybe I should use that, but idk, funmacro is useful because it also allows for defining with anonymous functions
6:09:58
gabbiel
no-defun-allowed: is there a function akin to fdefinition/macro-function for special operators?
6:15:03
pillton
I am skeptical about your synonym anyhow. You are only considering the function namespace.
6:22:31
gabbiel
quick question, I learned I have to do (eval-when (compile load execute) ...) when I need to use macros within the same file. if I macro that away, will it eval-when, or won't it do anything as it's a macro?