Trusting the Tools - was Re: Open Source ...

Bill Frantz frantz at pwpconsult.com
Wed Oct 15 15:14:27 EDT 2003


At 1:27 AM -0700 10/12/03, Thor Lancelot Simon wrote:
>On Thu, Oct 09, 2003 at 07:45:01PM -0700, Bill Frantz wrote:
>> With KeyKOS, we used the argument that since the assembler we were using
>> was written and distributed before we designed KeyKOS, it was not feasible
>> to include code to subvert KeyKOS.  How do people feel about this form of
>> argument?
>
>Not too good.  If I knew what the target processor were, I think I could
>arrange to do some damage to most general-purpose operating systems; they
>all have to do some of the same fundamental things.
>
>This is a bit more sophisticated than what Thompson's compiler did, but
>it's the same basic idea.  There are some basic operations (in particular
>on the MMU) that you can recognize regardless of their specific form and
>subvert in a programmatic manner such that it's highly likely that you can
>exploit the resulting weakness at a later date, I think.

I can see a possible attack here.  Assume you notice the instruction that
loads the base address of the memory map into the machine's control
register.  You add some instructions that make all the pages in that memory
map R/W.  Now as an attacker you can change the (shared) code of any
program you can map into your address space.

Of course, this attack might be noticed if, for example, a program which
makes copies of pages (aka virtual copies) as they are modified is included
in the system.  This program would totally fail to work, and that failure
is likely to be noticed.


At 10:29 PM -0700 10/12/03, kent at songbird.com wrote:
>The process you describe is a rather daunting task, especially given
>that all that is really necessary is a very small bit of code to load
>more code from a different file.

It seems difficult to develop code to access a file system that hasn't been
designed yet.  Particularly the KeyKOS "file system" where all data was
kept in permanent virtual memory.

Cheers - Bill


-------------------------------------------------------------------------
Bill Frantz        | "There's nothing so clear as a | Periwinkle
(408)356-8506      | vague idea you haven't written | 16345 Englewood Ave
www.pwpconsult.com | down yet." -- Dean Tribble     | Los Gatos, CA 95032
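
Added illustration, not part of the original message: a toy page-table model showing why a virtual-copy (copy-on-write) program acts as a tripwire for the map tampering discussed above. All names (`AddressSpace`, `load_map`, `self_test`) and the sample page contents are constructed for this sketch and do not come from KeyKOS.

```python
class WriteFault(Exception):
    """Raised when a write hits a page mapped read-only."""

class AddressSpace:
    def __init__(self, frames, table):
        self.frames = frames   # shared "physical memory": frame number -> bytearray
        self.table = table     # virtual page number -> [frame number, writable]

    def write(self, vpn, offset, value):
        frame, writable = self.table[vpn]
        if not writable:
            raise WriteFault(vpn)
        self.frames[frame][offset] = value

def load_map(space, tampered=False):
    """Models loading the memory map. tampered=True models a subverted tool
    having added instructions that mark every page in the map read/write."""
    if tampered:
        for entry in space.table.values():
            entry[1] = True
    return space

def virtual_copy(frames, original):
    """Share every frame read-only between the original and the copy."""
    for entry in original.table.values():
        entry[1] = False
    return AddressSpace(frames, {v: [e[0], False] for v, e in original.table.items()})

def cow_write(space, vpn, offset, value):
    """Write through a virtual copy: the first write must fault so that a
    private frame can be allocated before the data is modified."""
    try:
        space.write(vpn, offset, value)
    except WriteFault:
        new_frame = max(space.frames) + 1
        old_frame = space.table[vpn][0]
        space.frames[new_frame] = bytearray(space.frames[old_frame])
        space.table[vpn] = [new_frame, True]
        space.write(vpn, offset, value)

def self_test(tampered):
    """Return True if the original page survives a write to its virtual copy."""
    frames = {0: bytearray(b"code")}          # constructed sample page
    parent = AddressSpace(frames, {0: [0, True]})
    child = load_map(virtual_copy(frames, parent), tampered)
    cow_write(child, 0, 0, ord("X"))
    return bytes(frames[0]) == b"code"

if __name__ == "__main__":
    print("clean map, original intact:   ", self_test(False))
    print("tampered map, original intact:", self_test(True))
```

With the tampered map the write never faults, so the shared frame itself is modified and the check fails, which is the visible breakage the message expects someone to notice.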


---------------------------------------------------------------------
The Cryptography Mailing List