At my current (much smaller than Google) employer, we just found an issue that causes data corruption on a CPU from one of your whitelisted vendors. If you speak with people in the platforms group at any large company, you'll find people run into these with some regularity.
Do you honestly think I don't read errata? Unless it affects the subset of functionality that NaCl relies on, please explain the relevance. CPUs have bugs, CPUs interpret the specs differently, behave differently on edge cases, etc. That's the whole point of the whitelist.
1 reply 0 retweets 0 likes
No, and I never said that. The bug we ran into causes effectively arbitrary data corruption. I admit I haven't read all of the NaCl code, but I would be pretty surprised if it's robust against arbitrary data corruption.
2 replies 0 retweets 0 likes
I'd be curious to know how reading CPU errata is helpful. A typical erratum will say something like "under certain conditions, unexpected behavior may occur" and it will then describe corruption of {cache, registers, IP, flags, etc.}. What can any software do to work around that?
2 replies 0 retweets 2 likes
There are tens to hundreds of errata like this for a modern Intel CPU. When you say that NaCl depends on a limited subset of features, are you saying this subset of features does not include having correct values in registers, memory, flags, etc.?
1 reply 0 retweets 2 likes
Because NaCl code isn't arbitrary, it has to follow certain rules so that it can be validated. If an erratum requires a specific code sequence, and that code sequence is impossible to validate, then please explain how it's relevant.
1 reply 0 retweets 1 like
Are you saying that NaCl-validated code cannot hit CPU data corruption bugs? Or that NaCl is robust against arbitrary data corruption, including corruption of IP?
1 reply 0 retweets 1 like
You read the previous tweet, and concluded I must be saying that NaCl cannot hit any future undiscovered CPU data corruption? I cannot help thinking that is a bad-faith interpretation, Dan.
2 replies 0 retweets 0 likes
It is literally my point that Intel and AMD make chips that are much more complex than the vendors you ban and therefore have a lot more data corruption bugs. You're saying that point is an inherently bad faith argument?
1 reply 0 retweets 2 likes
Yes. NaCl requires a few obscure areas to work under adversarial conditions in a very predictable way that we can test; how is it relevant that other areas can fail?
1 reply 0 retweets 1 like
You specifically said you were concerned about executing the wrong code and I linked to one such bug and noted that Intel has more of these kinds of bugs than other vendors. Are you now saying that was a red herring and you're not concerned about that kind of bug?
Holy moly. NaCl works by validating that code conforms to certain requirements, and that requires being able to accurately predict control flow. However, NaCl is not arbitrary; it's a small whitelist of instructions sandboxed with segmentation.
1 reply 0 retweets 1 like
I need to get dinner. I don't think Twitter is a great venue for this discussion. If you'd like to talk about why I don't think whitelisting instructions can address the kinds of bugs I've mentioned, I'd be happy to hop on a call to discuss.
1 reply 0 retweets 0 likes