Then please enlighten me, what was the "fairly serious CPU correctness bug found by [my] employer"?
As I'm sure you know, the details of these bugs are usually NDA'd when they're found outside of vendors. There's a public errata for it, but I'm not going to describe the finding of an NDA'd bug on public twitter.
At my current (much smaller than Google) employer, we just found an issue that causes data corruption on a CPU from one of your whitelisted vendors. If you speak with people in the platforms group at any large company, you'll find people run into these with some regularity.
Do you honestly think I don't read errata? Unless it affects the subset of functionality that NaCl relies on, please explain the relevance. CPUs have bugs, CPUs interpret the specs differently, behave differently on edge cases, etc. That's the whole point of the whitelist.
No, and I never said that. The bug we ran into causes effectively arbitrary data corruption. I admit I haven't read all of the NaCl code, but I would be pretty surprised if it's robust against arbitrary data corruption.
I think you don't understand the NaCl security model, could you at least read the paper before being so angry about it? We need obscure parts of the spec that were *never* security relevant before to work under adversarial conditions, like segmentation edge cases.
If you don't handle reading a dword across a segment boundary the same way Intel does, then remote code execution. How confident are you that you do? I didn't test, but I bet I can find edge cases you deviate in. I'll bet money on this.
Who's angry? You keep responding with point scoring stuff and not responding to the actual content.
What specifically do you do about errata that say "under complex micro-architectural conditions ... [any data can be corrupted and changed to any value]"?
I obviously need more details to decide if it's possible under NaCl. I can give you an example with RowHammer: we decided to remove clflush from the validator whitelist. Does that answer your question?
Indirectly, perhaps. If you're removing instructions from a whitelist, then you're still vulnerable to a large fraction of data corruption bugs, including many of the bugs that are triggered by "complex micro-architectural conditions".