The Infosec Thread: Yes, time to move off Entrust

The Something Awful Forums > Discussion > Serious Hardware/Software Crap > The Infosec Thread: Yes, time to move off Entrust

«‹›509 »

apropos man: Sep 5, 2016; You get a hundred and forty one thousand years and you're out in eight!

Wtf is that supposed to mean? I'd be better off with Win10 on it? Chortle.

# ? Jan 3, 2018 17:17

Adbot: ADBOT LOVES YOU

# ? May 25, 2024 02:06

deimos: Nov 30, 2006; Forget it man this bat is whack, it's got poobrain!

apropos man posted:

Would it be possible to have two verions of the kernel: one for Vee-Emming and one for plain desktop/laptop use? I don't wanna lose up to 30% performance.

This is probably a bad idea, but fuckit: hit post.

This affects non VMs as well, theoretically a Javascript payload could install a rootkit. That's how hosed this is.

The problem is that this is a ring-crossing bug, that's what makes it deadly. Rings for reference.

deimos fucked around with this message at 17:47 on Jan 3, 2018

# ? Jan 3, 2018 17:45

Wiggly Wayne DDS: Sep 11, 2010

deimos posted:

This affects non VMs as well, theoretically a Javascript payload could install a rootkit. That's how hosed this is.

that's not theoretical and the same threat model from rowhammer applies. here's a recent presentation on a js-based attack to defeat aslr: https://www.youtube.com/watch?v=ewe3-mUku94

rowhammer was publicised in 2014, you should have been in a panic since then if this affects you

# ? Jan 3, 2018 17:48

Space Gopher: Jul 31, 2006; BLITHERING IDIOT AND HARDCORE DURIAN APOLOGIST. LET ME TELL YOU WHY THIS SHIT DON'T STINK EVEN THOUGH WE ALL KNOW IT DOES BECAUSE I'M SUPER CULTURED.

apropos man posted:

Would it be possible to have two verions of the kernel: one for Vee-Emming and one for plain desktop/laptop use? I don't wanna lose up to 30% performance.

This is probably a bad idea, but fuckit: hit post.

This is a bad idea.

It looks like VM escapes (or guest-to-host/cross-guess reads, or whatever) are one possibility for this attack. They're getting a lot of attention because so many public-facing services are isolated with VMs. But that doesn't mean they're the only bad thing that can happen. Unless your single-tenant no-VM desktop is air gapped, physically secured so only you can use it, and runs only carefully audited software, you need to be able to isolate unprivileged code from kernel space.

apropos man posted:

Wtf is that supposed to mean? I'd be better off with Win10 on it? Chortle.

Clearly your choice of OS is superior to the washed masses. Chortle.

# ? Jan 3, 2018 17:51

BlankSystemDaemon: Mar 13, 2009

In the good tradition of PoC||STFU, here's some PoC:

"no page faults required, massaging everything in/out-of the right cache seems to be the crux".

# ? Jan 3, 2018 17:54

CLAM DOWN: Feb 13, 2007

Wiggly Wayne DDS posted:

rowhammer was publicised in 2014, you should have been in a panic since then if this affects you

Honestly, I'm basically perpetually in a panic in this industry

# ? Jan 3, 2018 18:23

Thermopyle: Jul 1, 2003; ...the stupid are cocksure while the intelligent are full of doubt. �Bertrand Russell

Intel releases next generation without bug:

Now with 30% more performance!

# ? Jan 3, 2018 18:58

Alereon: Feb 6, 2004; Dehumanize yourself and face to Trumpshed; College Slice

CLAM DOWN posted:

Thread title

Clever but too long

# ? Jan 3, 2018 19:03

BlankSystemDaemon: Mar 13, 2009

They usually say that detailed commit messages are a good thing, but maybe not in this case.

# ? Jan 3, 2018 20:03

Subjunctive: Sep 12, 2006; ✨sparkle and shine✨

I don�t think there�s incremental damage to be done, given the guy tweeting about a PoC.

# ? Jan 3, 2018 20:05

BlankSystemDaemon: Mar 13, 2009

Subjunctive posted:

I don�t think there�s incremental damage to be done, given the guy tweeting about a PoC.

A PoC without code disclosure is one thing, these are commits to the Linux kernel, so the code itself is public - I'd think that's a big bigger of an issue?

# ? Jan 3, 2018 20:07

Trabisnikof: Dec 24, 2005

D. Ebdrup posted:

A PoC without code disclosure is one thing, these are commits to the Linux kernel, so the code itself is public - I'd think that's a big bigger of an issue?

I believe the embargo on the committed code isn't over yet. But yeah, the cat is out of the bag.

# ? Jan 3, 2018 20:08

Klyith: Aug 3, 2007; GBS Pledge Week

deimos posted:

This affects non VMs as well, theoretically a Javascript payload could install a rootkit. That's how hosed this is.

are you positive? the writing about this made it seem to me like the bug can only read kernel memory. and that to turn it into an attack you'd need to actually use that information -- either as a target for a second vulnerability, or just stealing the leaked data itself. which is why VMs are brought up all the time.

but if I'm totally misunderstanding it and you can use it to write to arbitrary memory as well then count me in on the holy poo poo bandwagon.

# ? Jan 3, 2018 20:18

The Fool: Oct 16, 2003

The exploit is read only.

Doesn't make it any less of a 'holy poo poo' situation though.

# ? Jan 3, 2018 20:21

Jabor: Jul 16, 2010; #1 Loser at SpaceChem

Reading kernel memory breaks kernel ASLR, so it's basically half a root exploit on its own.

# ? Jan 3, 2018 20:25

Klyith: Aug 3, 2007; GBS Pledge Week

The Fool posted:

Doesn't make it any less of a 'holy poo poo' situation though.

yeah alright, but holy poo poo in a holy poo poo OSes need to do extensive rewrites of memory management type way

not a holy poo poo the world is ending way

# ? Jan 3, 2018 20:50

The Fool: Oct 16, 2003

Let me introduce you to September 2017.

# ? Jan 3, 2018 20:55

Truga: May 4, 2014; Lipstick Apathy

Klyith posted:

are you positive? the writing about this made it seem to me like the bug can only read kernel memory.

If you can read kernel memory, getting root access is probably only a matter of jumping through some hoops.

# ? Jan 3, 2018 21:11

Evis: Feb 28, 2007; Flying Spaghetti Monster

If by hoops you mean find other bugs that allow you to exploit the kernel or more privileged processes to obtain root then sure.

# ? Jan 3, 2018 21:21

Truga: May 4, 2014; Lipstick Apathy

You can probably find a private key that'll let you have root eventually, when you can read literally anything in memory.

# ? Jan 3, 2018 21:36

OddObserver: Apr 3, 2009

Evis posted:

If by hoops you mean find other bugs that allow you to exploit the kernel or more privileged processes to obtain root then sure.

I am kinda worried about Android on Arm64...

# ? Jan 3, 2018 21:38

Thanks Ants: May 21, 2004; #essereFerrari

Presumably this could be used to attack the VSM in Device Guard as well, since it would just exploit the kernel in the underlying hypervisor.

# ? Jan 3, 2018 21:39

Cup Runneth Over: Aug 8, 2009; She said life's
Too short to worry
Life's too long to wait
It's too short
Not to love everybody
Life's too long to hate