NaCl only depends on a small subset of the operation for security. Not sure why you keep talking about Spectre/Meltdown, it wasn't really relevant to NaCl (wasn't a free breakout, and you didn't need NaCl to exploit it, but rowhammer was).
-
-
Then please enlighten me, what was the "fairly serious CPU correctness bug found by [my] employer"?
2 replies 0 retweets 0 likes -
As I'm sure you know, the details of these bugs are usually NDA'd when they're found outside of vendors. There's a public errata for it, but I'm not going to describe the finding of an NDA'd bug on public twitter.
1 reply 0 retweets 1 like -
At my current (much smaller than Google) employer, we just found an issue that causes data corruption on a CPU from one of your whitelisted vendors. If you speak with people in the platforms group at any large company, you'll find people run into these with some regularity.
1 reply 0 retweets 1 like -
Do you honestly think I don't read errata? Unless it affects the subset of functionality that NaCl relies on, please explain the relevance. CPUs have bugs, CPUs interpret the specs differently, behave differently on edge cases, etc. That's the whole point of the whitelist.
1 reply 0 retweets 0 likes -
No, and I never said that. The bug we ran into causes effectively arbitrary data corruption. I admit I haven't read all of the NaCl code, but I would be pretty surprised if it's robust against arbitrary data corruption.
2 replies 0 retweets 0 likes -
I'd be curious to know how reading CPU errata is helpful. A typical errata will say something like "under certain conditions, unexpected behavior may occur" and it will then describe corruption of {cache, registers, IP, flags, etc.} What can any software do to work around that?
2 replies 0 retweets 2 likes -
There are tens to hundreds of errata like this for a modern Intel CPU. When you say that NaCl depends on a limited subset of features, are you saying this subset of features does not include having correct values in registers, memory, flags, etc.?
1 reply 0 retweets 2 likes -
Because NaCl code isn't arbitrary, it has to follow certain rules so that it can be validated. If an errata requires a specific code sequence, and that code sequence is impossible to validate, then please explain how it's relevant.
1 reply 0 retweets 1 like
Are you saying that, NaCl validated code cannot hit CPU data corruption bugs? Or that NaCl is robust against arbitrary data corruption including corruption of IP?
-
-
You read the previous tweet, and concluded I must be saying that NaCl cannot hit any future undiscovered CPU data corruption? I cannot help thinking that is a bad faith interpretation Dan.
2 replies 0 retweets 0 likes -
It is literally my point that Intel and AMD make chips that are much more complex than the vendors you ban and therefore have a lot more data corruption bugs. You're saying that point is an inherently bad faith argument?
1 reply 0 retweets 2 likes - 11 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.