I will sound like a grumpy old man, but anybody who mentions "Turing completeness" in the context of an exploit shows he has either not understood exploitation, or Turing completeness, or the finiteness of RAM and its implications for computational models.
As far as I can tell, the "Turing completeness" stuff was a handwavy way of trying to make "look we can do more than just return to system()" look like a qualitative change vs. an increment on multiple-return-into-libcs.
Also, a correction to my first tweet: it is possible that the person has understood them, but the publishing culture encourages repeating a false statement if it has been used in sufficiently many previously published papers, without thinking about it.
And apologies for the grumpiness. I am just fatigued by some wrong ideas / turns of phrase being impossible to weed out.
Gauss was almost the opposite of what one would want from a helpful scientist (in terms of demoralizing other researchers etc.), but a tiny dash of "Pauca sed matura" ("few, but ripe") would do our publishing culture a lot of good.
Sometimes I get grumpy, and then I feel guilty about grumpiness.
Replying to @halvarflake
No. You’re just suffering from software-sucks syndrome.
Replying to @matthew_d_green @halvarflake
What happens (speaking vaguely as an academic, though in the wrong field) is that someone comes to us and says “here’s this super powerful bug that’s really easy to exploit” and the first thing we think is “surely someone will squash the really obvious exploit path, what then?”
Replying to @matthew_d_green @halvarflake
And then before we know it, we’ve extrapolated nine cycles of patch/exploit forward to the point where the attacker’s only way to win is to get Turing completeness, yay!
Maybe that happens sometimes, but more often I see people prove that some primitive is Turing complete... as if that makes any difference to attackers. Nobody is trying to calculate pi in their exploit, they just want to execute system calls.
Replying to @taviso @halvarflake
I think the theory was that someday you guys would figure out how to stop that system-call thing! You had one job!
Still working on it, still not out of a job ;) However, I am getting excited about upcoming hardware capabilities such as memory tagging and PAC in conjunction with CFI and shadow call stacks in the meantime. Now we only need to get this into cheap, low-level hardware.