Re: [9fans] Spectre and Meltdown

Re: [9fans] Spectre and Meltdown

[cinap_lenrek]

wait and see if all these scrambled together mitigations actually work.

9front is not in the business of selling shared computing environments
(or sell executable javascript ads) to untrusted strangers.

that was never really safe to begin with. there will be bugs in software
and hardware. and there will be side channels.

if you are concerned about security and leaks then run your authentication
server on a dedicated box and applications on your own terminal.

--
cinap

Re: [9fans] Spectre and Meltdown

[Skip Tavakkolian]

[-- Attachment #1: Type: text/plain, Size: 1103 bytes --]

good advice. i agree with the wait-and-see. i'm not convinced that this
issue is solvable.

using pip, npm and all the other ways of importing random code from
who-knows-where is insanity and plan9 systems (mostly?) avoid this practice.
having dedicated auth and fs servers (don't allow cpu'ing) and using
terminals for each user is a good practice.
a terminal on an affected processor can still compromise your factotum data
in memory. rpi3 is a safe choice and, for plan9, probably the best choice.



On Wed, Jan 10, 2018 at 8:59 AM, <cinap_lenrek@felloff.net> wrote:

> wait and see if all these scrambled together mitigations actually work.
>
> 9front is not in the business of selling shared computing environments
> (or sell executable javascript ads) to untrusted strangers.
>
> that was never really safe to begin with. there will be bugs in software
> and hardware. and there will be side channels.
>
> if you are concerned about security and leaks then run your authentication
> server on a dedicated box and applications on your own terminal.
>
> --
> cinap
>
>

[-- Attachment #2: Type: text/html, Size: 1503 bytes --]

Re: [9fans] Spectre and Meltdown

[Erik Quanstrom]

[-- Attachment #1: Type: text/html, Size: 1877 bytes --]

Re: [9fans] Spectre and Meltdown

[Skip Tavakkolian]

[-- Attachment #1: Type: text/plain, Size: 1532 bytes --]

i think "javascript in the browser" is implied here. and that is a HUGE
gate to close.

fortunately, we don't have such browsers in plan9 :)

On Wed, Jan 10, 2018 at 11:41 AM, Erik Quanstrom <quanstro@quanstro.net>
wrote:

> to be fair, this vulnerability can be exploited with plain old JavaScript.
>
> On Jan 10, 2018 11:32, Skip Tavakkolian <skip.tavakkolian@gmail.com>
> wrote:
>
> good advice. i agree with the wait-and-see. i'm not convinced that this
> issue is solvable.
>
> using pip, npm and all the other ways of importing random code from
> who-knows-where is insanity and plan9 systems (mostly?) avoid this practice.
> having dedicated auth and fs servers (don't allow cpu'ing) and using
> terminals for each user is a good practice.
> a terminal on an affected processor can still compromise your factotum
> data in memory. rpi3 is a safe choice and, for plan9, probably the best
> choice.
>
>
>
> On Wed, Jan 10, 2018 at 8:59 AM, <cinap_lenrek@felloff.net> wrote:
>
> wait and see if all these scrambled together mitigations actually work.
>
> 9front is not in the business of selling shared computing environments
> (or sell executable javascript ads) to untrusted strangers.
>
> that was never really safe to begin with. there will be bugs in software
> and hardware. and there will be side channels.
>
> if you are concerned about security and leaks then run your authentication
> server on a dedicated box and applications on your own terminal.
>
> --
> cinap
>
>
>
>

[-- Attachment #2: Type: text/html, Size: 2556 bytes --]

Re: [9fans] Spectre and Meltdown

[Erik Quanstrom]

[-- Attachment #1: Type: text/html, Size: 2746 bytes --]

Re: [9fans] Spectre and Meltdown

[Skip Tavakkolian]

[-- Attachment #1: Type: text/plain, Size: 1812 bytes --]

yep. i mentioned npm, but there are a few more.

On Wed, Jan 10, 2018 at 12:56 PM, Erik Quanstrom <quanstro@quanstro.net>
wrote:

> it is also exploitable in node.js.
>
> On Jan 10, 2018 12:52, Skip Tavakkolian <skip.tavakkolian@gmail.com>
> wrote:
>
> i think "javascript in the browser" is implied here. and that is a HUGE
> gate to close.
>
> fortunately, we don't have such browsers in plan9 :)
>
> On Wed, Jan 10, 2018 at 11:41 AM, Erik Quanstrom <quanstro@quanstro.net>
> wrote:
>
> to be fair, this vulnerability can be exploited with plain old JavaScript.
>
> On Jan 10, 2018 11:32, Skip Tavakkolian <skip.tavakkolian@gmail.com>
> wrote:
>
> good advice. i agree with the wait-and-see. i'm not convinced that this
> issue is solvable.
>
> using pip, npm and all the other ways of importing random code from
> who-knows-where is insanity and plan9 systems (mostly?) avoid this practice.
> having dedicated auth and fs servers (don't allow cpu'ing) and using
> terminals for each user is a good practice.
> a terminal on an affected processor can still compromise your factotum
> data in memory. rpi3 is a safe choice and, for plan9, probably the best
> choice.
>
>
>
> On Wed, Jan 10, 2018 at 8:59 AM, <cinap_lenrek@felloff.net> wrote:
>
> wait and see if all these scrambled together mitigations actually work.
>
> 9front is not in the business of selling shared computing environments
> (or sell executable javascript ads) to untrusted strangers.
>
> that was never really safe to begin with. there will be bugs in software
> and hardware. and there will be side channels.
>
> if you are concerned about security and leaks then run your authentication
> server on a dedicated box and applications on your own terminal.
>
> --
> cinap
>
>
>
>
>
>

[-- Attachment #2: Type: text/html, Size: 3319 bytes --]

Re: [9fans] Spectre and Meltdown

[Richard Miller]

> rpi3 is a safe choice

Safe against spectre perhaps, but there are interesting remote attacks
against the firmware in the bcm43xx wifi engine.  I wouldn't want to bet
on plan 9's immunity to some variant of broadpwn.

Re: [9fans] Spectre and Meltdown

[Bakul Shah]

On Wed, 10 Jan 2018 23:46:47 +0000 Richard Miller <9fans@hamnavoe.com> wrote:
Richard Miller writes:
> > rpi3 is a safe choice
>
> Safe against spectre perhaps, but there are interesting remote attacks
> against the firmware in the bcm43xx wifi engine.  I wouldn't want to bet
> on plan 9's immunity to some variant of broadpwn.

CVE-2017-9417.  Poking around the 'net I found

https://github.com/raspberrypi/linux/issues/1342#issuecomment-321221748

Need Linux to run this but does not fix the problem?

Though there seems to be another unrelated problem that seems
not quite fixed.

Re: [9fans] broadpwn (was Spectre and Meltdown)

[Richard Miller]

> https://github.com/raspberrypi/linux/issues/1342#issuecomment-321221748
>
> Need Linux to run this but does not fix the problem?

No need for linux. If you don't mind installing firmware from random files
on drive.google.com, you can grab the tarball referenced from the url above,
unpack it, and copy brcmfmac43430-sdio.^(bin txt) into /sys/lib/firmware
on your pi3 or pi0w.

You will need to pad the .bin file to a multiple of 2048 bytes (eg by
appending from /dev/zero) otherwise the verify after loading seems to fail.
If you use the piwifi kernel (rootfs from wifi) as opposed to the pi3 kernel
(rootfs from ethernet or sdcard with access to wifi), you'll want to rebuild
the kernel in order to get the updated files into the /boot builtin fs.

There should be a more definitive source for the firmware files somewhere.

> Though there seems to be another unrelated problem that seems
> not quite fixed.

The other two fixes mentioned in that issue (turning off power management
and harcoding packet priority to zero) were already in the plan 9 driver.

Re: [9fans] Spectre and Meltdown

[Skip Tavakkolian]

[-- Attachment #1: Type: text/plain, Size: 554 bytes --]

yes; i had forgotten about that.  fortunately there's the ethernet port.

https://www.blackhat.com/docs/us-17/thursday/us-17-Artenstein-Broadpwn-Remotely-Compromising-Android-And-iOS-Via-A-Bug-In-Broadcoms-Wifi-Chipsets.pdf



On Wed, Jan 10, 2018 at 3:46 PM, Richard Miller <9fans@hamnavoe.com> wrote:

> > rpi3 is a safe choice
>
> Safe against spectre perhaps, but there are interesting remote attacks
> against the firmware in the bcm43xx wifi engine.  I wouldn't want to bet
> on plan 9's immunity to some variant of broadpwn.
>
>
>

[-- Attachment #2: Type: text/html, Size: 1123 bytes --]

Re: [9fans] Spectre and Meltdown

[hiro]

when did you implement wifi on the rpi?!

Re: [9fans] Spectre and Meltdown

[Rui Carmo]

If that’s working with WPA2, I’m interested too.

> On 11 Jan 2018, at 09:35, hiro <23hiro@gmail.com> wrote:
> 
> when did you implement wifi on the rpi?!
> 

Re: [9fans] Spectre and Meltdown

[Richard Miller]

> when did you implement wifi on the rpi?!

Late 2016.  And yes, it works with wpa2 (thanks to cinap's aux/wpa).

Re: [9fans] Spectre and Meltdown

[hiro]

Cool, so we now have a lot of wifi support in total. never imagined that.

There's prism(Lucent WaveLAN), Ralink RT2860, Ralink RT3090, a bunch
of intels, AND that rpi.

IIUC only the wavelan stuff has hardmac, so no wifi.c -> no wpa2 there.

[9fans] Spectre and Meltdown

[Jules Merit]

23hiro now has dead 46 planberries, no see front
c h ke

On Fri, Jan 12, 2018 at 3:45 AM, hiro <23hiro at gmail.com> wrote:
> Cool, so we now have a lot of wifi support in total. never imagined that.
>
> There's prism(Lucent WaveLAN), Ralink RT2860, Ralink RT3090, a bunch
> of intels, AND that rpi.
>
> IIUC only the wavelan stuff has hardmac, so no wifi.c -> no wpa2 there.
>

[9fans] Spectre and Meltdown

[Jules Merit]

srv ieee-754 trouble, GDS-II stream

On Mon, Jan 15, 2018 at 4:51 PM, Jules Merit
<jules.merit.eurocorp.us at gmail.com> wrote:
> 23hiro now has dead 46 planberries, no see front
> c h ke
>
> On Fri, Jan 12, 2018 at 3:45 AM, hiro <23hiro at gmail.com> wrote:
>> Cool, so we now have a lot of wifi support in total. never imagined that.
>>
>> There's prism(Lucent WaveLAN), Ralink RT2860, Ralink RT3090, a bunch
>> of intels, AND that rpi.
>>
>> IIUC only the wavelan stuff has hardmac, so no wifi.c -> no wpa2 there.
>>

[9fans] Spectre and Meltdown

[Giacomo Tesio]

2018-01-10 17:59 GMT+01:00  <cinap_lenrek at felloff.net>:
> wait and see if all these scrambled together mitigations actually work.

Sorry if this is a dumb question, but the descriptions I read of the
mitigations taken in Linux for Meltdown (in particular kernel
page-table isolation) sound really familiar to my poor understanding
of how plan 9 and 9front already manage user memory.

As far as I can remember plan9 flush tables very often and clearly
separate kernel memory pages and user space memory.


So my dumb question is: are plan9/9front and friends actually
vulnerable to Meltdown?


Giacomo

Re: [9fans] Spectre and Meltdown

[cinap_lenrek]

> As far as I can remember plan9 flush tables very often and clearly
> separate kernel memory pages and user space memory.

no. the kernel is mapped in each user process but with PTEUSER bits
clear (owner bit) in the pte so user process cannot access it
(but with meltdown, it can).

--
cinap

Re: [9fans] Spectre and Meltdown

[cinap_lenrek]

> all binaries on any repo (9p.io, 9front.org, bell-labs.com) are taken on
> faith to be safe; but it applies there too.
> does anyone read all the various rc scripts carefully?

how's that comparable? the broken promise is that web
code will be contained in the browser tab so nobody needs
to trust that code. and we can just run it. that assumption
is proven over and over again to not be true due to bugs
in the interpreter and bugs in the massive libraries exposed
to it and now theres a case where its broken even if there is
no obvious flaw in the interpreter.

nobody promised, or tried to do that with a plan9 process.

code running in plan9 can do whatever you can do. and
easily crash the whole system. so you obviouly need to
be cautous about what you run.

and yes, you should read the code.

--
cinap

Re: [9fans] Spectre and Meltdown

[Skip Tavakkolian]

[-- Attachment #1: Type: text/plain, Size: 1328 bytes --]

we foolishly assumed that intel and other cpu manufacturers would not do
stupid things, out of self interest, if nothing else.
stupid things like put a whole processor hidden inside every cpu since
pentium, running minix that "manages" what you thought was "your" cpu.
stupid things like have (and try to hide) instructions that allow one to
reprogram the microcode.


On Wed, Jan 10, 2018 at 1:43 PM, <cinap_lenrek@felloff.net> wrote:

> > all binaries on any repo (9p.io, 9front.org, bell-labs.com) are taken on
> > faith to be safe; but it applies there too.
> > does anyone read all the various rc scripts carefully?
>
> how's that comparable? the broken promise is that web
> code will be contained in the browser tab so nobody needs
> to trust that code. and we can just run it. that assumption
> is proven over and over again to not be true due to bugs
> in the interpreter and bugs in the massive libraries exposed
> to it and now theres a case where its broken even if there is
> no obvious flaw in the interpreter.
>
> nobody promised, or tried to do that with a plan9 process.
>
> code running in plan9 can do whatever you can do. and
> easily crash the whole system. so you obviouly need to
> be cautous about what you run.
>
> and yes, you should read the code.
>
> --
> cinap
>
>

[-- Attachment #2: Type: text/html, Size: 1949 bytes --]

Re: [9fans] Spectre and Meltdown

[Charles Forsyth]

[-- Attachment #1: Type: text/plain, Size: 1224 bytes --]

If Intel sells you lemons, make lemonade (ok, ok, at least a whiskey sour).
I myself welcome our new speculative overlords, and look forward to new
interesting predictions, and perhaps even a renewed interest in
single-address space systems, since that's what we've got.

On 10 January 2018 at 21:43, <cinap_lenrek@felloff.net> wrote:

> > all binaries on any repo (9p.io, 9front.org, bell-labs.com) are taken on
> > faith to be safe; but it applies there too.
> > does anyone read all the various rc scripts carefully?
>
> how's that comparable? the broken promise is that web
> code will be contained in the browser tab so nobody needs
> to trust that code. and we can just run it. that assumption
> is proven over and over again to not be true due to bugs
> in the interpreter and bugs in the massive libraries exposed
> to it and now theres a case where its broken even if there is
> no obvious flaw in the interpreter.
>
> nobody promised, or tried to do that with a plan9 process.
>
> code running in plan9 can do whatever you can do. and
> easily crash the whole system. so you obviouly need to
> be cautous about what you run.
>
> and yes, you should read the code.
>
> --
> cinap
>
>

[-- Attachment #2: Type: text/html, Size: 1812 bytes --]

Re: [9fans] Spectre and Meltdown

[cinap_lenrek]

yeah, and javascript was NEVER dangerous before. like it never
would steal your passwords or exploit bugs in the monstrosity
called a webbrowser. or ave bugs in the jit. all was perfectly
safe until now :-) we can perfectly trust the dozens of megabytes
injected from whoever pays the advertisement delivery network.
3d ads that is, because gpu drivers are bugfree.

i can't wait for javacript crypto implementations that will
totally be free of timing side channels...

--
cinap

Re: [9fans] Spectre and Meltdown

[Erik Quanstrom]

[-- Attachment #1: Type: text/html, Size: 242 bytes --]

Re: [9fans] Spectre and Meltdown

[Skip Tavakkolian]

[-- Attachment #1: Type: text/plain, Size: 770 bytes --]

all binaries on any repo (9p.io, 9front.org, bell-labs.com) are taken on
faith to be safe; but it applies there too.
does anyone read all the various rc scripts carefully?


On Wed, Jan 10, 2018 at 12:30 PM, <cinap_lenrek@felloff.net> wrote:

> yeah, and javascript was NEVER dangerous before. like it never
> would steal your passwords or exploit bugs in the monstrosity
> called a webbrowser. or ave bugs in the jit. all was perfectly
> safe until now :-) we can perfectly trust the dozens of megabytes
> injected from whoever pays the advertisement delivery network.
> 3d ads that is, because gpu drivers are bugfree.
>
> i can't wait for javacript crypto implementations that will
> totally be free of timing side channels...
>
> --
> cinap
>
>

[-- Attachment #2: Type: text/html, Size: 1211 bytes --]

[9fans] Spectre and Meltdown

[G B]

With the release of information about Spectre and Meltdown, and that Microsoft and Linux have released patches for Meltdown and Apple soon to release a patch, I am wondering how Meltdown, or even Spectre, would or wouldn't affect Plan 9 and/or 9front given the use of namespaces.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.9fans.net/private/9fans/attachments/20180104/85830349/attachment.html>

Re: [9fans] Spectre and Meltdown

[Skip Tavakkolian]

[-- Attachment #1: Type: text/plain, Size: 516 bytes --]

If your processor isn't affected, microcode patching and os work-around is
not needed. For example, intel atom d525, amd athlon 64 x2, arm7 (rpi's),
mips are fine.

On Jan 4, 2018 5:50 AM, "G B" <g_patrickb@yahoo.com> wrote:

With the release of information about Spectre and Meltdown, and that
Microsoft and Linux have released patches for Meltdown and Apple soon to
release a patch, I am wondering how Meltdown, or even Spectre, would or
wouldn't affect Plan 9 and/or 9front given the use of namespaces.

[-- Attachment #2: Type: text/html, Size: 1019 bytes --]