upvote

points

by bluepeter12 hours ago |
comments
upvoteby vlovich1237 hours ago|
next
[-]
But the point here is that userspace can use this to bypass kernel protections that would otherwise prevent it from mutating R^X pages for example, not that the kernel can bypass its own.
reply
upvoteby im3w1l24 minutes ago|
parent|
[-]
Those protections are mainly about preventing well intentioned people from accidentally shooting themselves in the foot though, right? So it's not really a big deal that there is a way around it.
reply
upvoteby mschuster9112 hours ago|
prev|
next
[-]
> The kernel owns the page tables.

not entirely, IOMMU is a thing, that is IIRC how Amazon and other hyperscalers can promise you virtual machines whose memory cannot be touched even in the case the host is compromised (and, by extension, also if the feds arrive to v& your server).

reply
upvoteby gruez8 hours ago|
parent|
next
[-]
>how Amazon and other hyperscalers can promise you virtual machines whose memory cannot be touched even in the case the host is compromised (and, by extension, also if the feds arrive to v& your server).

Even if we take those promises at face value, it practically doesn't mean much because every server still needs to handle reboots, which is when they can inject their evil code.

reply
upvoteby Borealid8 hours ago|
parent|
[-]
MK-TME allows having memory encrypted at run time, and the platform TPM signs an attestation saying the memory was not altered.

Malicious code can't be injected at boot without breaking that TPM.

reply
upvoteby fc417fc8028 hours ago|
parent|
[-]
Subject to the huge caveat that the attacker does not have physical access. https://tee.fail/
reply
upvoteby Borealid5 hours ago|
parent|
next
[-]
An interesting implementation flaw, but not a conceptual problem with the design.
reply
upvoteby fc417fc8024 hours ago|
parent|
[-]
Well, it kind of is actually. The previous iteration of the design didn't have that vulnerability but it was slower because managing IVs within the given constraints adds an additional layer of complexity. This is the pragmatic compromise so to speak.

Does it count as a conceptual problem when technical challenges without an acceptable solution block your goal?

reply
upvoteby 5 hours ago|
parent|
prev|
[-]
deleted
reply
upvoteby ronsor10 hours ago|
parent|
prev|
[-]
If your threat model is being v& by feds, maybe you should keep your server at home behind Tor.
reply
upvoteby iberator1 hours ago|
parent|
[-]
Hosting tor outbound server at home is stupid idea.

Your home is gonna be raided by Police and you will wait months or year to get your shit back and then if nothing, gonna be charged for having pirated windows and Photoshop lol

real story

reply
upvoteby pjmlp4 hours ago|
prev|
[-]
Not really, of the security measures on Windows, is exactly to control how kernel can access secure process memory, as possible mitigation to attacks by rogue drivers.

Naturally it is the kind of stuff that requires Windows 11 vlatest with the nice Pluton security CPU, as part of CoPilot+ PCs design.

reply