hannes changed the topic of #mirage to: next bug cleaning day: 2018-01-05 14:00 UTC - late (every first friday of a month); MirageOS 3 is released, happy hacking!
vbmithr has quit [Ping timeout: 260 seconds]
vbmithr has joined #mirage
gjaldon has joined #mirage
olle has joined #mirage
gjaldon has quit []
olle has quit [Quit: olle]
mort___ has joined #mirage
seangrove has joined #mirage
argent_smith has joined #mirage
mort___ has quit [Quit: Leaving.]
mort___ has joined #mirage
mort___ has quit [Quit: Leaving.]
mort___ has joined #mirage
gentauro has quit [Ping timeout: 272 seconds]
gentauro has joined #mirage
gentauro has quit [Ping timeout: 268 seconds]
mort___ has quit [Quit: Leaving.]
gentauro has joined #mirage
mort___ has joined #mirage
mort___ has quit [Quit: Leaving.]
mort___ has joined #mirage
mort___ has quit [Quit: Leaving.]
argent_smith has quit [Quit: Leaving.]
sigjuice has quit [Ping timeout: 272 seconds]
sigjuice has joined #mirage
mort___ has joined #mirage
mort___ has quit [Quit: Leaving.]
mort___ has joined #mirage
mort___ has quit [Quit: Leaving.]
mort___ has joined #mirage
mort___ has quit [Client Quit]
mort___ has joined #mirage
mort___ has quit [Quit: Leaving.]
<raboof>
will the 'costly workarounds' for the CPU bugs that are making the rounds amplify the performance advantage of unikernels? or is that wishful thinking? :)
<dstolfa>
raboof: if anything, it makes it more dangerous to run unikernels because the guarantees you had before are now broken with timing sidechannels on the cache and your unikernel can read host's memory
<dstolfa>
it's essentially rowhammer 2.0
<dstolfa>
of course, it's not *easy* to do so, but it's possible
<dstolfa>
datacenters are going to have some fun :)
<raboof>
right, it's more dangerous to run 3rd-party code (whether or not it's packaged as a unikernel)
<dstolfa>
raboof: yeah. this is a local vulnerability. meltdown utilizes TSX on Intel to expose secrets within the kernel (thus breaking KASLR and other things, assuming we have no other leaks, which there usually are) and is more targeted towards Intel, although their toy examples work on AMD and ARM. Spectre is more difficult to set up and works by essentially training the branch predictor to assume a branch is
<dstolfa>
taken, then creates a situation where it's not taken and ensures the right information is loaded into the cache (by inspecting the code and hand-crafting it). you can then easily time to find out what was in there
<dstolfa>
there are papers on both if you'd like to read up on it, but essentially it's a microarchitectural problem and solvable (either by slower software solutions or a hardware solution, which will still probably slow things down)
<dstolfa>
the important thing to note here is that while this is a somewhat generic way to develop exploits on current CPUs, software usually has much more glaring vulnerabilities that can be exploited and you probably won't be affected by this on your desktop (as long as you don't store passwords in chrome, because there's a PoC for that, expect it to develop further)
<dstolfa>
as for mirage, you'd essentially have to willfully run a mirage unikernel which has this timing sidechannel inside of it
<dstolfa>
so, as long as you look at the code you run and don't start running things arbitrarily (which you shouldn't be doing anyway, as there are much more dangerous things that can happen), you'll be fine :)
<raboof>
yeah, those rumors of browser attack vectors make me uneasy ;)
<dstolfa>
the PoC for chrome was essentially reading in-process memory from JS, which could be used to read your passwords if you store them in there
<dstolfa>
but if you do what you should be doing anyway and using a different process to do so, that PoC can't be used for that. that's not to say someone can't create a very sophisticated exploit that goes further into kernel memory and targets other things
<dstolfa>
but again... that dedicated of an attacker can do so more easily
argent_smith has joined #mirage
seangrove has quit [Ping timeout: 264 seconds]
argent_smith has quit [Quit: Leaving.]
demonimin has quit [Remote host closed the connection]
<gentauro>
anybody awake? :)
<gentauro>
So I made a xen unikernel (mirage-skeleton/tutorial/hello/hello.xen) and I would like to run it from my Qubes OS?