Subj : Re: Minix
To   : Nightfox
From : tenser
Date : Fri Apr 19 2024 08:19 am

On 18 Apr 2024 at 09:51a, Nightfox pondered and said...
 
 Ni>   Re: Re: Minix
 Ni>   By: tenser to Skylar on Fri Apr 19 2024 12:30 am
 Ni> 
 Ni>  te> The joke was that there have been several very high-profile bugs in t
 Ni>  te> ME; not due to Minix per se, but rather due to code that Intel wrote.
 Ni> 
 Ni> I worked at Intel for a little over 8 years.  I was in a team working on
 Ni> security software, and one component of the first project I worked on
 Ni> with them used the Intel ME.  It was interesting to learn about that
 Ni> stuff..  Later, the team worked on some software using Intel's SGX
 Ni> (Software Guard Extensions), which I heard also had some security flaws
 Ni> and was later discontinued.

The bug I was thinking of was rather pedestrian, and was in
the built-in web server.  It validated a user-supplied password
against one that was stored somewhere (presumably flash or some
kind of NVRAM).  The code was basically,

    if (strncmp(pass, userpass, strlen(userpass)) == 0) {
        return SUCCESS;
    } else {
        return FAILURE;
    }

The bug, of course, is constraining to the length of the user
supplied password; the effect was that entering _no_ password
automatically authenticated the password (empty strings always
compare equal).  The fix is to read the user password into a
pre-zeroed buffer the same size as `pass` and then compare.

The issue with SGX was that it was easy to break out of the
enclave.  Whoops.

--- Mystic BBS v1.12 A48 (Linux/64)
 * Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)

.