flat assembler
Message board for the users of flat assembler.

flat assembler > Heap > Skype bug ‘system’ level access and English is the solution

revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 16098
Location: Squiddler's Patch
sleepsleep wrote:
should cpu be designed from ground up?
with less instructions, less registers, less rules, no auto predict, and more simple approaches?
There is no need for ground up restart. Previous generations of CPUs are already that.

But that is not the solution IMO. People like speed so they will keep buying high performance CPUs even if they don't need them for normal usage.

The "solution" is like I posted above. No untrusted unaudited code. There will always be vulnerabilities. So take the approach of just accepting that fact and stop allowing untrusted actors to run arbitrary things in your computer.
Post 04 May 2018, 01:56
MSrobots2



Joined: 21 Oct 2017
Posts: 12
I wonder why nobody mentioned French.

Not that I like it much, but international she is.

For hundreds(?) of years French has been used WORLDWIDE as the official language for all post-related things like mail, parcels, international banking, tariff stations and foreign relations, as in consulates or embassies.

So the language with the worldwide grip on politics, transportation and tariffs, mail and other international transactions is officially French, not English.

and I do not like the french language at all.

just saying...

Mike
Post 04 May 2018, 01:56
Furs



Joined: 04 Mar 2016
Posts: 1295
revolution wrote:
Eight new Spectre Variant Vulnerabilities for Intel Discovered - four of them critical

There are no details in the article, unfortunately.

But I'm sure all of you reading this have disabled all untrusted code, right? No JS. No AV. No random code from random websites. No kid sister access.
No AV -- agreed.

No JS -- might as well say no internet at all, then you're perfectly safe, right? I mean the vast majority of sites need JS. Sure, enabling it selectively with plugins/extensions is a good practice (I do it that way), but no JS at all is too restrictive, sorry.

What pisses me off is that nobody answers the specific question I have (I mean anywhere online, can't find it no matter how much I search). Can Spectre read memory from the kernel or another user??

That's, ultimately, what matters. Nobody gives a shit about people who use their browser as the same user and without a sandbox and then complain about getting spied on, I mean wtf. If it's the same user he already has access to all your files, who cares about reading another process' memory?

But look at crap like Wayland how they use this for "security", reducing functionality (and that's putting it lightly) for the average dumb moron who runs the browser as same user and without a sandbox. So fucking disgusting.

Yeah you can read the memory outside the VM but that's the same user, I'm guessing, so... it really pisses me off nobody answers this question for someone with a PROPER security setup.

MSrobots2 wrote:
and I do not like the french language at all.
That's the reason, french just sucks and sounds silly.

Not to mention it has accents and obscure pronunciation (worse than english in this department) there's literally nothing better about it.
Post 04 May 2018, 11:31
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 16098
Location: Squiddler's Patch
Furs wrote:
Can Spectre read memory from the kernel or another user??
I don't know the answer either. But, if you have an affected CPU and OS then I suppose you could try to read your kernel memory with it. Post back here with your results.


Last edited by revolution on 04 May 2018, 16:46; edited 2 times in total
Post 04 May 2018, 14:03
Furs



Joined: 04 Mar 2016
Posts: 1295
Well last time I found a proof of concept for Meltdown it took ages to run and I gave up (well that also had a pretty quick patch, so I don't care if it even worked or not).

But that's beside the point anyway. If I could find a proof of concept for Spectre reading kernel memory, I wouldn't need to ask the question since it would be answered even if I didn't actually run said code. Except for the JS thing (which is a non-issue now that browsers got patched against it), I can't find any proof of concept for Spectre, so how am I supposed to test?
Post 04 May 2018, 16:34
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 16098
Location: Squiddler's Patch
Furs wrote:
Yeah you can read the memory outside the VM but that's the same user, I'm guessing, so...
But that is still a serious vulnerability. Not everyone is happy for program A to read the state of program B. If B is you doing banking in your browser, and A is some "free" music streaming app you downloaded a while back and didn't realise it was booby trapped.
Post 04 May 2018, 16:51
Furs



Joined: 04 Mar 2016
Posts: 1295
If the programs are under different users, and can read each other, yes that's a serious vulnerability. Otherwise it's trivial.

If two apps are run under the same user, always assume (because they can) they will be able to spy on each other -- or heck, spy on everything that user has access to. If you simply follow this rule, you'll design a very simple but much more secure rig. If it can read your files, then it's game over already to me, who cares about the memory of other applications at this point?

But, you say, it's not always the browser that it can spy on. What if the trivial app downloaded spies on something else, like Notepad, with some sensitive data? So what? It can't do anything (unless it starts deleting your files obviously, but then it's a virus not spyware). That's because even if it collects the info, it should NOT have internet access. The only apps with internet access are those as another user (which can't cross the boundary).

Easy: make the default user account (in which you login) with no internet privileges -- drop any output from the default user on the firewall (one line in iptables/nftables). I mean, it's a no brainer.

1) Don't give internet access to applications that don't (or shouldn't) need it in the first place.
2) Sandbox (as different user + other methods) any application with access to the internet.

Doing 2 is easy since it's a whitelist, rather than a blacklist. Applications that aren't whitelisted (i.e. run as default user) don't have access to the internet anyway and won't be able to report anything malicious they did. You don't have to go very deep into malware territory to see why this is crucial: a lot of applications "phone home" or other bullshit with copy protections. I don't know about you, but even with a valid license (no piracy involved), I don't want them to spy on me, period!

VMs are a different thing though, since they kind of need root access (usually with setuid, so it's implicit), not sure how that factors here. But yeah, other than VMs, if Spectre can't bypass user boundaries (or kernel) then it's no big deal IMO. But I don't know if it can, that's the problem.
Post 04 May 2018, 19:32
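The "one line in iptables/nftables" egress policy described in the post above, written out as an added example (this is not code from the thread or from the flat assembler project). It generates a ruleset for nftables and the equivalent iptables commands: every locally generated packet is dropped unless the owning socket belongs to a whitelisted UID, so anything running as the default login user simply has no route out. The UIDs 1001 and 1002 are assumptions standing in for a sandboxed browser user and whatever other account you allow online; loopback is left open so a local resolver or proxy keeps working. Caveat a practitioner will hit: kernel-generated packets that have no owning socket (TCP resets, ICMP errors) do not match `meta skuid` and are dropped by the policy too, which is usually harmless but shows up in the log.

```shell
#!/bin/sh
# Added example (not from the thread): generate the "default user has no
# Internet, only whitelisted UIDs do" egress policy for nftables and iptables.
# UIDs are assumptions; substitute the accounts you actually sandbox.

# Print an nftables ruleset: drop every locally generated packet unless its
# socket belongs to one of the whitelisted UIDs. Loopback stays open so a
# local resolver/proxy keeps working for everyone.
#   $1 = space-separated list of UIDs allowed to reach the network
gen_nft_ruleset() {
    allowed=$1
    uidset=
    for uid in $allowed; do
        uidset="${uidset:+$uidset, }$uid"
    done
    cat <<EOF
table inet egress {
    chain output {
        type filter hook output priority 0; policy drop;
        oifname "lo" accept
        meta skuid { $uidset } accept
        log prefix "egress-drop " counter drop
    }
}
EOF
}

# Same policy as iptables commands: one ACCEPT per whitelisted UID via the
# owner match, loopback open, default policy DROP for everything else.
gen_iptables_rules() {
    allowed=$1
    echo "iptables -A OUTPUT -o lo -j ACCEPT"
    for uid in $allowed; do
        echo "iptables -A OUTPUT -m owner --uid-owner $uid -j ACCEPT"
    done
    echo "iptables -P OUTPUT DROP"
}

# Usage: assumed browser-sandbox user 1001 and a second online-only user 1002.
# Load the nftables output with `nft -f ruleset.nft` (check first with `nft -c -f`).
gen_nft_ruleset "1001 1002"
gen_iptables_rules "1001 1002"
```

Note the direction of the whitelist: the rule matches on the UID that owns the sending socket, not on the program, so a process that escapes its sandbox user by some other bug also escapes this policy. That is the same point the post makes about the user boundary being the thing that matters.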
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 16098
Location: Squiddler's Patch
App A should never have access to app B for any reason; same user or not, Internet access or not. It is none of App A's business what I do in app B, or even that I run app B. If the OS, or the CPU, can't prevent app A reading arbitrary memory then that OS or CPU is not doing its job.
Post 05 May 2018, 01:50
rugxulo



Joined: 09 Aug 2005
Posts: 2311
Location: Usono (aka, USA)
sleepsleep wrote:
should cpu be designed from ground up?
with less instructions, less registers, less rules, no auto predict, and more simple approaches?

kiss?

or we need complexities to fill out egos,
maybe we are too smart to build simple stuff that simple works,


I know this isn't going to solve all of your problems, but ....

Post 05 May 2018, 01:56
rugxulo



Joined: 09 Aug 2005
Posts: 2311
Location: Usono (aka, USA)
MSrobots2 wrote:
I wonder why nobody mentioned French.

Not that I like it much, but international she is.

For hundreds(?) of years French has been used WORLDWIDE as the official language for all post-related things like mail, parcels, international banking, tariff stations and foreign relations, as in consulates or embassies.

So the language with the worldwide grip on politics, transportation and tariffs, mail and other international transactions is officially French, not English.

and I do not like the french language at all.


You missed my quote from Wikipedia:

Wikipedia wrote:

When the United Kingdom and Ireland joined the EU's predecessor in 1973, French was the dominant language of the institutions. With the addition of Sweden and Finland in the 1990s, and the Eastern European states in the 2000s, English slowly supplanted French as the dominant working language of the institutions. In 2015, it was estimated that 80% of legislative proposals were drafted first in English. The role of English as a lingua franca is believed to be likely to continue, given how heavily staff rely on it.


So the popular "lingua franca" has changed many times over the years. French is (for good or bad) no longer popular enough.
Post 05 May 2018, 02:03
sleepsleep



Joined: 05 Oct 2006
Posts: 7706
Location: ˛
rugxulo wrote:
sleepsleep wrote:
should cpu be designed from ground up?
with less instructions, less registers, less rules, no auto predict, and more simple approaches?

kiss?

or we need complexities to fill out egos,
maybe we are too smart to build simple stuff that simple works,


I know this isn't going to solve all of your problems, but ....



thanks for the Oberon link,

sometimes I wonder how much we sacrifice in order to be able to use something, it doesn't make sense to me, still trying to pursue something simple, easy to manage, readily understood, hopefully I could get it before time's up,
Post 05 May 2018, 05:27
Furs



Joined: 04 Mar 2016
Posts: 1295
revolution wrote:
App A should never have access to app B for any reason; same user or not, Internet access or not. It is none of App A's business what I do in app B, or even that I run app B. If the OS, or the CPU, can't prevent app A reading arbitrary memory then that OS or CPU is not doing its job.
Now you sound like Wayland devs where I completely disagree (and they try to force it on everybody which really annoys me).

There are tons of apps that rely on knowing about others (and which aren't possible in Wayland anymore) to integrate for better experience (docks, visually, overlays, etc).

Heck, Wine doesn't even work without telling the kernel to allow apps to read each others' memory (as long as same user and privilege, obviously), which kind of tells you that Windows itself requires it for most of its functionality. (I mean, reading another process' memory is pretty central part of Windows anyway, think of memory editors and the like, e.g. Cheat Engine)

There are so many things -- actually useful things -- that you can do with X11 and can't with Wayland precisely because of reasons like those you stated.

The simplest example is a screenshot app. Such an app obviously needs to see the windows of other apps. It's pseudo-security at best. All apps have access to ALL the files you have access to (as a user), so it's a completely pointless security practice and all it does is piss off users who want to use apps like that.

I know your next reply will be just like Wayland supporters: make a hardcoded screenshot app in Wayland. Way to miss the point, it was just an example, and why the need to bloat everything up into one central point of failure just like systemd? Unix philosophy is "do one thing and do it well", not "do all things that apps can't do because we love pseudo security".

What if I want feature X in my screenshot app, or streaming/recording app, whatever, do I need to beg Wayland devs to implement it because I can't write my own app anymore to do it? Disgusting tbh.

This whole mentality is disgusting, and it's one scenario where Windows is actually designed well. So yeah, it is completely app A's business what app B does, because it is a screenshot app and needs to know everything app B displays. One example out of thousands.

If I don't trust app A, then I don't trust it with my files either and won't run it as my user. The moment I run it as my user, I give away the keys to the house. Simple as that.
Post 05 May 2018, 11:52
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 16098
Location: Squiddler's Patch
I hadn't considered screenshots. That might be a problem. Maybe apps could call a system API to say that copying the window's contents is okay and/or reading/writing its memory as the same user, or a different user, is okay. I'm not sure of all the details that would be involved, but giving the apps the option to stay in high security mode or move down to a lower security mode might work. Or the opposite: opt-in vs opt-out, or something similar. But that all relies upon the kernel being trustworthy and the CPU not allowing apps to read things by the backdoor. So we will still require the CPU and the OS to prevent all nefarious memory reading/writing; and then we can decide based upon some policy what we want to allow and what we want to block.

Most programs mask passwords so screenshots wouldn't reveal those, but reading memory can reveal passwords and keys. Taking multiple screenshots could reveal your browsing history over time. If an app was to send out shots every minute, or whatever timing, that could be a problem for many people.

----------------------------------------------

As for your previous query about Spectre. Here is a graphic:

I found it in this page:
https://www.extremetech.com/computing/268831-a-new-wave-of-spectre-class-attacks-may-be-coming-for-intel-cpus

I'm not sure if it is accurate. Buyer beware.
Post 05 May 2018, 12:09
sleepsleep



Joined: 05 Oct 2006
Posts: 7706
Location: ˛
loading pictures and instantly hit remote exploits, future repeats history,

there are more things to be scared about than this Spectre,

best would be, use simple thing, thing that we could build from scratch,
Post 05 May 2018, 12:16
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 16098
Location: Squiddler's Patch
sleepsleep wrote:
best would be, use simple thing, thing that we could build from scratch,
I'm not convinced that building something from scratch will eliminate all exploits. There is still the human factor. Mistakes are easy to make and harder to discover.
Post 05 May 2018, 12:20
sleepsleep



Joined: 05 Oct 2006
Posts: 7706
Location: ˛
it is not easy for sure, because it requires a re-design of the whole thing, processes and etc,

to adhere to the KISS concept, garbage in equals garbage out,

the idea is, to design the work flow, from input, process to output as logical, simple, accurate and etc,

how hard is it to spot a red char from a whole black txt document,
or how hard is it to spot a white char from a whole black background txt document?

what i mean is,
unusual thing should be significantly noticeable, and we should have designed such system with this as main objective,
Post 05 May 2018, 12:57
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 16098
Location: Squiddler's Patch
sleepsleep wrote:
it is not easy for sure, because it requires a re-design of the whole thing, processes and etc,

to adhere to the KISS concept, garbage in equals garbage out,

the idea is, to design the work flow, from input, process to output as logical, simple, accurate and etc,

how hard is it to spot a red char from a whole black txt document,
or how hard is it to spot a white char from a whole black background txt document?

what i mean is,
unusual thing should be significantly noticeable, and we should have designed such system with this as main objective,
You are right, it isn't easy. It might even be impossible for humans to do it and still have a useful product. Some level of complexity is unavoidable, and humans are terrible at evaluating complexity. I still don't see how a re-design will suddenly solve all the problems. I'd expect you will come up against all the same problems. Either that, or you make something so simplistic that it ends up being just an inert blob of goo.
Post 05 May 2018, 13:04
Furs



Joined: 04 Mar 2016
Posts: 1295
@revolution: Thanks for the chart, but idk what "arbitrary user memory" means. Does it include other users or those processes you don't have (normally) access to? For example, can it leak memory from a process run as root (it's still user mode, even if it's "admin" privilege, you know).
Post 05 May 2018, 13:55
sleepsleep



Joined: 05 Oct 2006
Posts: 7706
Location: ˛
i grab your feeling, it is not easy,
impossible? idk, maybe yes, maybe no,

but maybe a journey into how things evolve into so complex might be lucrative and desirable?

there is something i read recently, or somehow i recollect,
you see the chaos on earth, but it doesn't show up if you view the earth from the moon,

nature wraps things inside something and prevents them from escaping,

so how to put this idea into programming?

the cells inside my body might just have finished x whole-body war, but I have no idea,
Post 05 May 2018, 14:00
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 16098
Location: Squiddler's Patch
Furs wrote:
@revolution: Thanks for the chart, but idk what "arbitrary user memory" means. Does it include other users or those processes you don't have (normally) access to? For example, can it leak memory from a process run as root (it's still user mode, even if it's "admin" privilege, you know).
I don't know the specific answers for that graphic. But in general, you won't be able to read memory that is not mapped by the page tables. So for most OSes you can't read the memory of other users because it isn't mapped into your address space. And without a mapping there is simply no way to address it.

So I expect the problem they describe is mostly for the browser. One tab can read the state of the entire browser memory. But it probably cannot read another process without some other exploit like calling a system function to map in memory from other processes. If you can trick the browser to call a system function then it could read memory from other processes under the same user. And since most OSes won't allow one user to map in memory from another user, then other user memory is likely not accessible.
Post 05 May 2018, 14:17
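The OS-level boundary that both of the last two posts revolve around (Furs: two apps under the same user can always spy on each other; revolution: unmapped memory is unreachable unless you go through a system function that maps or reads another process), shown as an added example rather than anything posted in the thread. This is Linux-only C, not a Spectre PoC: it forks a child, has the child write a secret into its own address space, and then reads that secret back from the parent through /proc/<pid>/mem, which is the kernel's sanctioned cross-process read path and goes through the same ptrace access check as ptrace(PTRACE_ATTACH). The secret string and the result codes are assumptions of the example. The check that can refuse this read is Yama's kernel.yama.ptrace_scope, which the code also reports: at scope 0 any same-UID process can do this to any other, at 1 only to descendants (the case here), at 2 only with CAP_SYS_PTRACE, and it fails outright across UIDs, which is exactly the "same user versus different user" line the posts draw.

```c
/* Added example (not from the thread): same-user cross-process memory read
 * through the OS's own interface, /proc/<pid>/mem. Linux only. */
#define _GNU_SOURCE
#define _FILE_OFFSET_BITS 64
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define SECRET_TEXT "hunter2-written-by-child"   /* constructed sample secret */

/* Same virtual address in parent and child, because fork() duplicates the
 * address space. The parent never writes it; only the child does. */
static char secret[64];

/* kernel.yama.ptrace_scope: 0 = any same-uid process, 1 = descendants only,
 * 2 = CAP_SYS_PTRACE only, 3 = nobody. Returns -1 if Yama is not present. */
int yama_ptrace_scope(void)
{
    FILE *f = fopen("/proc/sys/kernel/yama/ptrace_scope", "r");
    int v = -1;
    if (f == NULL) return -1;
    if (fscanf(f, "%d", &v) != 1) v = -1;
    fclose(f);
    return v;
}

/* Fork a child that fills `secret` in its own address space, then read that
 * memory from the parent with pread() on /proc/<pid>/mem.
 * Returns 1 if the child's secret was read back intact (the kernel's ptrace
 * access check allowed it), 0 if the kernel refused (EACCES/EPERM: Yama
 * scope >= 2, hardened kernel, container policy), -1 on any other failure. */
int spy_on_child(char *out, size_t outlen)
{
    int ready[2];
    char path[64], tick;
    int fd, rc = -1;
    ssize_t n;
    pid_t pid;

    if (outlen < sizeof secret || pipe(ready) < 0) return -1;
    pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        /* child: write the secret, tell the parent, then idle until killed */
        close(ready[0]);
        strncpy(secret, SECRET_TEXT, sizeof secret - 1);
        if (write(ready[1], "x", 1) != 1) _exit(1);
        close(ready[1]);
        for (;;) pause();
    }
    close(ready[1]);
    if (read(ready[0], &tick, 1) != 1) goto done;
    close(ready[0]);

    snprintf(path, sizeof path, "/proc/%d/mem", (int)pid);
    fd = open(path, O_RDONLY);   /* PTRACE_MODE_ATTACH access check happens here */
    if (fd < 0) {
        rc = (errno == EACCES || errno == EPERM) ? 0 : -1;
        goto done;
    }
    /* the file offset is the target's virtual address */
    n = pread(fd, out, sizeof secret, (off_t)(uintptr_t)secret);
    close(fd);
    if (n == (ssize_t)sizeof secret) {
        out[sizeof secret - 1] = '\0';
        /* our own copy must still be empty: the bytes came from the child */
        rc = (strcmp(out, SECRET_TEXT) == 0 && secret[0] == '\0') ? 1 : -1;
    } else {
        rc = (errno == EACCES || errno == EPERM) ? 0 : -1;
    }
done:
    kill(pid, SIGKILL);
    waitpid(pid, NULL, 0);
    return rc;
}

int main(void)
{
    char buf[64];
    int r = spy_on_child(buf, sizeof buf);
    printf("yama ptrace_scope = %d\n", yama_ptrace_scope());
    if (r == 1)      printf("read child's memory: \"%s\" (parent's own copy is empty)\n", buf);
    else if (r == 0) printf("kernel refused the read: ptrace access denied\n");
    else             printf("unexpected failure\n");
    return r < 0;
}
```

The point for the thread's question: nothing about this needs a CPU bug, and it stops at the user boundary because the access check compares credentials (and the target's dumpable flag) before the kernel will map or copy the other process's pages. Spectre-class attacks are interesting precisely where this check is absent: inside one address space (one browser tab reading the rest of the browser) or wherever the victim's memory is already mapped into the attacker's view, which is why the same-user sandboxing discussed above, plus ptrace_scope >= 1, is what decides how much a same-user process can see rather than the leak primitive itself.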


Copyright © 1999-2018, Tomasz Grysztar.

Powered by rwasa.