On Tue, Mar 14, 2023 at 10:34:48AM -0600, Theo de Raadt wrote:
> Good god, imagine this bit flip happened *anywhere else*, like in the
> page tables, or in the code or data or stack of chrome, or basically
> *anywhere*
>
> Shall we change them all?

The example I gave was the last resort other than pf enabled to a kernel
compromise afaik. There are a few of them perhaps; they've not been fixed
for decades, lying dormant with a sysctl knob to turn them off.

> Shall we change the compiler to not allow checks like this?

No, not at all.

> Shall we wait for a compiler diff from you?

No, it's above my head and it would take me decades. :-)

Happy Pi day Theo, it's not quite April 1st but I think this is a bit more
serious. Just think about it, and perhaps in 10-20 years you can consider
it?

Best Regards,
-peter

> p...@delphinusdns.org wrote:
>
> > >Synopsis:	can we resist against bit flipping?
> > >Category:	system
> > >Environment:
> > 	System      : OpenBSD 7.2
> > 	Details     : OpenBSD 7.2 (GENERIC.MP) #2: Thu Nov 24 23:53:03 MST 2022
> > 			 r...@syspatch-72-arm64.openbsd.org:/usr/src/sys/arch/arm64/compile/GENERIC.MP
> >
> > 	Architecture: OpenBSD.arm64
> > 	Machine     : arm64
> > >Description:
> > https://en.wikipedia.org/wiki/Single-event_upset
> >
> > A single event upset gave someone in Belgium who was in a poll 4096
> > extra votes. When I think about this bit flip and look at the kernel
> > code for an ultra secure operating system, there is not much stopping
> > someone from trying an attack during a cosmic storm or increased solar
> > activity. Perhaps a bit flips somewhere in the CPU or RAM?
> >
> > pjp@polarstern$ grep sourceroute ip_input.c
> > int ip_dosourceroute = 0;
> > 	if (!ip_dosourceroute) {
> > 		if (!ip_dosourceroute)
> > 		    &ip_dosourceroute);
> >
> > Like here. As you know, someone found something last week if this were
> > enabled. But the way this check is, it doesn't check for the low bit set
> > to one but checks for the inverted value, so if the 12th bit were flipped
> > in a solar storm ip_dosourceroute would now be 4096, and the system would
> > be wide open.
> >
> > >How-To-Repeat:
> > Hackers probably check the weather report like
> > https://spaceweather.com/ for increased solar activity and then fill
> > the CPU caches with attempts to get a bit flip happening. The odds
> > aren't in their favour but who knows, they may get lucky.
> > >Fix:
> > I propose all these variables to be monitored occasionally with a CRC
> > check and if there is a bit flip happening to unset it to the right value.
> > This is a lot of work but may be worth it. OpenBSD would never be faring to
> > space, right? I have no code but am trying to think around how to do this.
> >
> >
> > dmesg:
> > cut
>
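As an added illustration of the "Fix" idea in the quoted report (this is example code written for this page, not OpenBSD source and not anything the thread's authors posted), the following C sketch wraps a sysctl-style integer knob in a struct that carries a CRC-32 of the value. A periodic or on-read check recomputes the CRC; on mismatch the knob is reset to its safe default, so a single-event upset in the word is detected and closed rather than silently enabling the feature. The names (`guarded_knob`, `knob_check`, `seu_detected`, and so on) are invented for the example, and the bit flip is simulated in software.

```c
/* Added example, not OpenBSD code: a CRC-guarded kernel-style knob.
 * The struct, function names and the simulated bit flip are constructed
 * for illustration only. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Bitwise CRC-32 (IEEE 802.3 reflected polynomial); no lookup table. */
static uint32_t crc32_bytes(const void *buf, size_t len)
{
    const uint8_t *p = buf;
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < len; i++) {
        crc ^= p[i];
        for (int b = 0; b < 8; b++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

struct guarded_knob {
    int      value;  /* the setting itself, e.g. ip_dosourceroute */
    int      dflt;   /* safe default restored after corruption */
    uint32_t crc;    /* CRC over 'value', refreshed on every legitimate write */
};

static uint32_t knob_crc(const struct guarded_knob *k)
{
    return crc32_bytes(&k->value, sizeof k->value);
}

/* Legitimate writes go through knob_set so the CRC always matches. */
void knob_set(struct guarded_knob *k, int v)
{
    k->value = v;
    k->crc = knob_crc(k);
}

void knob_init(struct guarded_knob *k, int dflt)
{
    k->dflt = dflt;
    knob_set(k, dflt);
}

/* Integrity check: returns 1 if the value matched its CRC, 0 if corruption
 * was detected, in which case the value is reset to the default (fail-closed)
 * and the CRC recomputed. A flip in the CRC word itself also resets the knob,
 * which is the safe direction. */
int knob_check(struct guarded_knob *k)
{
    if (knob_crc(k) == k->crc)
        return 1;
    k->value = k->dflt;
    k->crc = knob_crc(k);
    return 0;
}

/* Naive test in the style of the ip_input.c check: any non-zero value enables. */
int knob_enabled_naive(const struct guarded_knob *k)
{
    return k->value != 0;
}

/* Checked read: verify integrity first, then test the (possibly restored) value. */
int knob_enabled_checked(struct guarded_knob *k)
{
    knob_check(k);
    return k->value != 0;
}

/* Simulate a single-event upset: flip one bit of the value behind the CRC's back. */
void knob_flip_bit(struct guarded_knob *k, int bit)
{
    k->value ^= (1 << bit);
}

/* Scenario helper: init to 0, flip 'bit', report whether the checked read
 * caught it (1) while the naive read would have enabled the feature. */
int seu_detected(int bit)
{
    struct guarded_knob k;
    knob_init(&k, 0);
    knob_flip_bit(&k, bit);
    int naive = knob_enabled_naive(&k);    /* 1: feature looks enabled */
    int checked = knob_enabled_checked(&k); /* 0: corruption found, reset */
    return naive == 1 && checked == 0 && k.value == 0;
}

int main(void)
{
    /* Flipping bit 12 of a zeroed int yields 4096, the value from the report. */
    printf("bit 12 flip detected and knob restored: %d\n", seu_detected(12));
    return 0;
}
```

The check costs one CRC per read (or per periodic sweep), and the restore-to-default path is fail-closed: whichever of the value or the CRC word is hit, the knob lands back on its safe setting and the mismatch can be counted or logged as a corruption event.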