[HN Gopher] One Byte to rule them all
       ___________________________________________________________________
        
       One Byte to rule them all
        
       Author : cjbprime
       Score  : 131 points
       Date   : 2020-07-30 16:35 UTC (2 days ago)
        
 (HTM) web link (googleprojectzero.blogspot.com)
 (TXT) w3m dump (googleprojectzero.blogspot.com)
        
       | twoodfin wrote:
       | Seems like the high-level lesson is that tagged unions as
       | traditionally implemented can be vulnerable in a manner that
       | pointer/address-focused mitigations don't affect?
        
         | tlb wrote:
         | Indeed, a small integer tag seems much more vulnerable than a
         | C++ virtual table pointer.
         | 
         | On modern hardware, how much is the penalty for using magic
         | numbers instead of small indices? (A magic number meaning a
         | constant like 0x85adb9ad instead of 2). The compiler can't
         | optimize switch(it->type) using a jump table, but I suspect
         | that branch prediction and speculation makes this optimization
         | barely relevant.
        
           | kevincox wrote:
           | A jump table isn't likely used for very small unions anyways.
           | The biggest downside that I see is that comparing with zero
           | is slightly cheaper if that is a common value.
        
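The trade-off tlb and kevincox discuss above, small integer tags versus sparse magic-number tags and what a single corrupted byte does to each, as an added example that is not part of the thread or of the Project Zero post. Only the constant 0x85adb9ad comes from the thread; the other two magic values, the struct layout and the function names are constructed for illustration:

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed example: the same three-variant tagged union with two tag
 * encodings. Tag values 0,1,2 are the "small index" style; the 32-bit
 * magic constants are the style tlb proposes (0x85adb9ad is the value
 * quoted in the thread, the other two are made up here). */
enum small_tag { T_INT = 0, T_PTR = 1, T_STR = 2, T_SMALL_COUNT = 3 };

#define M_INT 0x85adb9adu
#define M_PTR 0x3c17f2e6u  /* constructed; differs from M_INT in every byte */
#define M_STR 0xa9d04b71u  /* constructed; differs from both in every byte */

struct tagged_obj {
    uint32_t tag;
    union { int64_t i; void *p; const char *s; } u;
};

/* Validity predicates. With small tags every value below the count is
 * "valid", so a single corrupted byte usually lands on another live
 * variant (type confusion). With sparse magic tags a one-byte change
 * almost never yields a known tag, so the switch default can refuse to
 * dispatch instead of treating the object as some other variant. */
int small_tag_valid(uint32_t tag) { return tag < T_SMALL_COUNT; }
int magic_tag_valid(uint32_t tag) {
    return tag == M_INT || tag == M_PTR || tag == M_STR;
}

/* For a given tag, try every single-byte corruption (4 byte positions x
 * 255 other values) and count how many still pass the validity check.
 * Summing over all byte positions keeps the result endian-independent. */
int count_valid_single_byte_corruptions(uint32_t tag, int (*valid)(uint32_t)) {
    int count = 0;
    for (int pos = 0; pos < 4; pos++) {
        for (int v = 0; v < 256; v++) {
            uint8_t bytes[4];
            memcpy(bytes, &tag, sizeof bytes);
            if (bytes[pos] == (uint8_t)v) continue;   /* unchanged, not a corruption */
            bytes[pos] = (uint8_t)v;
            uint32_t corrupted;
            memcpy(&corrupted, bytes, sizeof corrupted);
            if (valid(corrupted)) count++;
        }
    }
    return count;
}

/* Dispatch on a magic tag. The default branch is the mitigation: an
 * unknown tag is reported as corruption rather than used as a variant.
 * Because the case values are sparse, the compiler emits a compare
 * chain rather than a jump table, which is the cost tlb asks about. */
const char *describe_magic(uint32_t tag) {
    switch (tag) {
    case M_INT: return "int";
    case M_PTR: return "pointer";
    case M_STR: return "string";
    default:    return "corrupt tag";
    }
}

int main(void) {
    printf("small tag 0: %d single-byte corruptions still pass as valid\n",
           count_valid_single_byte_corruptions(T_INT, small_tag_valid));
    printf("magic tag  : %d single-byte corruptions still pass as valid\n",
           count_valid_single_byte_corruptions(M_INT, magic_tag_valid));
    struct tagged_obj o = { M_STR, { .s = "hello" } };
    printf("%s\n", describe_magic(o.tag));
    o.tag ^= 0x00000001u;  /* simulate a single-bit flip in the tag field */
    printf("%s\n", describe_magic(o.tag));
    return 0;
}
```

For the small-index encoding, two of the 1020 possible single-byte corruptions of tag 0 still look like a legitimate variant; for the magic encoding none do, so a corrupted object reaches the default branch. The check only helps if the default branch actually refuses to proceed, which is why it returns an error marker rather than picking a fallback variant.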
       | fortran77 wrote:
       | iOS is full of holes. How can Apple in good faith say it is
       | "secure by design?" (See
       | https://www.apple.com/business/docs/site/AAW_Platform_Securi... )
        
         | glitchc wrote:
          | Let's give an experienced group of hackers nearly unlimited
         | budget to find security holes in your competitor's products.
         | 
         | There's of course, zero bias in that approach, none whatsoever.
         | /s
         | 
         | If project zero spent even half as much time finding and fixing
         | security exploits in Android as they do just finding exploits
          | in iOS, Google would have a truly competitive product from a
         | security perspective.
        
           | as1mov wrote:
           | FYI, it's not just Project Zero. Zerodium stopped paying for
           | iOS exploits due to oversupply[1][2]
           | 
           | [1]: https://appleinsider.com/articles/20/05/14/software-bug-
           | brok...
           | 
           | [2]: https://twitter.com/Zerodium/status/1260541578747064326
        
       | cjsawyer wrote:
       | The LotR section headings were a nice touch
        
       | hootbootscoot wrote:
       | great stuff
        
       | simonebrunozzi wrote:
       | > Project Zero
       | 
       | > News and updates from the Project Zero team at Google
       | 
        | > For the last several years, nearly all iOS kernel exploits ...
       | 
       | Damn, Googlers... Still incapable of explaining things to people.
       | What the hell is Project Zero? Why don't you explain it in your
       | tagline? If not, why not at the beginning of the article?
       | 
       | Edit: this sentence in the "about" section does the job:
       | 
       | > Project Zero is a team of security researchers at Google who
       | study zero-day vulnerabilities in the hardware and software
       | systems that are depended upon by users around the world
       | 
       | I suggest you change the tagline to something like "Studying
       | zero-day vulnerabilities at Google".
        
       | cjbprime wrote:
       | Huh, I submitted this two days ago -- why does it say two hours
       | ago?
        
         | kencausey wrote:
         | Assuming this was reposted 'automatically' you should have
         | received an email from HN at the email associated with your HN
         | account telling you that it was going to happen. At least I
         | have received such emails in the past.
        
         | DanBC wrote:
         | dang talks about the "second chance" queue here:
         | https://news.ycombinator.com/item?id=11662380
         | 
         | Sometimes they see a post that didn't get attention, and so
         | they re-up it. Usually, but not always, you get an email to let
         | you know.
        
           | cjbprime wrote:
           | Thanks, that was it! (I didn't get an email.)
        
             | simonebrunozzi wrote:
             | I think you always get the email, perhaps it went into your
             | spam folder?
             | 
             | The first time I saw such an email I felt great!! Look for
             | it.
        
         | vasco wrote:
         | It's common for mods to game the system and resubmit stories
         | they believe are good.
        
           | MaxLeiter wrote:
           | Not sure why this is downvoted. They do do that.
        
             | JoshTriplett wrote:
             | Likely because "game the system" has a strong negative
             | connotation that seems unwarranted.
        
               | b4ke wrote:
               | Only if you can actually speak to the motivation behind
               | the act.... right?
        
           | supernova87a wrote:
           | It's the invited post list:
           | https://news.ycombinator.com/invited
        
       | trekrich wrote:
       | So what does it mean?!
        
         | formerly_proven wrote:
         | iOS has a lot of layers and mitigations both in software and
         | proprietary hardware that aren't found in other systems. Keep
         | in mind that this story would be 20 % the length on other
         | systems, because "physical memory read/write primitive" would
         | be a total break.
        
           | trekrich wrote:
           | thanks for that.
        
       ___________________________________________________________________
       (page generated 2020-08-01 23:00 UTC)