
Firefox 104 released

Version 104 of the Firefox browser has been released. The most interesting new feature, perhaps, is the ability to analyze a web site's power usage — but that feature is not available on Linux.


Firefox 104 released

Posted Aug 23, 2022 22:58 UTC (Tue) by flussence (guest, #85566) [Link] (9 responses)

To be fair, Linux itself got rid of power consumption hwmon interfaces a few months ago because they were fine-grained enough to be a pretty nasty sidechannel. IIRC they're still there as root-privileged counters in `perf` if anyone really wants to measure them.

Firefox 104 released

Posted Aug 24, 2022 13:43 UTC (Wed) by deater (subscriber, #11746) [Link] (7 responses)

> To be fair, Linux itself got rid of power consumption hwmon interfaces a few months ago

Do you have more info on that? I'm having trouble searching it up.

It was a bit silly that there were 3 different ways to get RAPL values from the kernel, and that the hwmon one was essentially unprotected by permissions checks. This does have the potential to break various userspace things though, and as with a lot of these things I'm never really convinced the security benefits outweigh the loss of functionality.

Firefox 104 released

Posted Aug 24, 2022 14:42 UTC (Wed) by flussence (guest, #85566) [Link] (5 responses)

> Do you have more info on that? I'm having trouble searching it up.

Here's a summary, and the commit message for 9049572fb has more details:
https://lkml.iu.edu/hypermail/linux/kernel/2104.3/01630.html

Firefox 104 released

Posted Aug 24, 2022 15:32 UTC (Wed) by farnz (subscriber, #17727) [Link]

For those without a local copy of the kernel git tree, this is commit 9049572fb and it references PLATYPUS: Software-based Power Side-Channel Attacks on x86 (DOI: 10.1109/SP40001.2021.00063, paywalled) as triggering the decision to remove the driver.

Abstract for those without full-text access:

Power side-channel attacks exploit variations in power consumption to extract secrets from a device, e.g., cryptographic keys. Prior attacks typically required physical access to the target device and specialized equipment such as probes and a high-resolution oscilloscope. In this paper, we present PLATYPUS attacks, which are novel software-based power side-channel attacks on Intel server, desktop, and laptop CPUs. We exploit unprivileged access to the Intel Running Average Power Limit (RAPL) interface that exposes values directly correlated with power consumption, forming a low-resolution side channel. We show that with sufficient statistical evaluation, we can observe variations in power consumption, which distinguish different instructions and different Hamming weights of operands and memory loads. This enables us to not only monitor the control flow of applications but also to infer data and extract cryptographic keys. We demonstrate how an unprivileged attacker can leak AES-NI keys from Intel SGX and the Linux kernel, break kernel address-space layout randomization (KASLR), infer secret instruction streams, and establish a timing-independent covert channel. We also present a privileged attack on mbed TLS, utilizing precise execution control to recover RSA keys from an SGX enclave. We discuss countermeasures and show that mitigating these attacks in a privileged context is not trivial.

Firefox 104 released

Posted Aug 28, 2022 9:31 UTC (Sun) by geuder (subscriber, #62854) [Link] (3 responses)

Excuse my ignorance, I am largely unfamiliar with hwmon. Why are privileged-only drivers unacceptable? Of course I don't want my browser and other untrusted code to access sensitive data. But as root I want to have full access to my hardware.

Firefox 104 released

Posted Aug 28, 2022 10:51 UTC (Sun) by mjg59 (subscriber, #23239) [Link] (2 responses)

Being root does not inherently mean that you should have direct access to secrets that are held by the kernel, for instance. As a device owner you should have the ability to make that possible, but there's no reason in general that any runtime process running as root that has a vulnerability should be able to extract my disk encryption key.

Firefox 104 released

Posted Aug 28, 2022 12:34 UTC (Sun) by geuder (subscriber, #62854) [Link] (1 responses)

Right, the old model of root can do everything has been known to be not enough for ages. Then we got CAP_SYS_MAINTAINER which did not really help that much...

In a single-user system like my Linux workstation, or also any R&D system I need to do performance analysis on, full access is what I want.

On the other side, having my code running in the cloud doesn't make me want the sysadmin or even my virtual neighbor to be able to extract my keys. But with current hardware that's never fully impossible, at least not in the sysadmin case.

What surprised me here is that a Linux driver has been removed, obviously with the argument that it can be misused by root? Or what was the exact argument for why privileged-only drivers should not exist in hwmon? It feels like with this argument a lot of code would need to be removed from the kernel.

Firefox 104 released

Posted Sep 9, 2022 19:43 UTC (Fri) by flussence (guest, #85566) [Link]

The problem was that it created the first instance of a bunch of chmod-0400 files in /sys/class/hwmon, and it turns out libsensors has no grace when it's unexpectedly told "no" - error spam everywhere in `sensors` output. That constitutes a breakage of the kernel's stable userspace API rule and the only solution was to revert it outright.

Firefox 104 released

Posted Aug 24, 2022 16:29 UTC (Wed) by deater (subscriber, #11746) [Link]

And it turns out hwmon was actually a *fourth* independent way of getting RAPL results on Linux. The one I was thinking of was actually the powercap interface, though it appears that one was similarly locked down in the 5.10 timeframe:
949dd0104c496fa7c14991a23c03c62e44637e71

I actually tried to make some noise when the powercap stuff got introduced and how it probably shouldn't have been available to regular users, but I've found that it can be really difficult as a regular user to get kernel developers to take your concerns seriously, especially when they are backed by a large company.

I've recently had some concerns about some interface changes the ARM developers have been making in the perf_event area but my complaints are just brushed off and the perf maintainers seemed to be (literally) off on vacation and not responding.
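
The comments above describe the powercap energy counters being restricted to root and hwmon files being created with mode 0400. The following is an added example, not code from any commenter or from the kernel tree, that lists energy counters under a sysfs root that are still readable without privilege. It assumes GNU `stat`, that powercap zones expose `energy_uj`, and that hwmon devices expose `energyN_input`; the function name and the `SYSFS_ROOT` variable are hypothetical.

```shell
#!/bin/sh
# Added example: report energy counters readable by group or other.
# Assumptions: GNU stat; counters live at class/powercap/*/energy_uj and
# class/hwmon/hwmon*/energy*_input below the given sysfs root.

audit_energy_perms() (
    root=${1:-/sys}
    for f in "$root"/class/powercap/*/energy_uj \
             "$root"/class/hwmon/hwmon*/energy*_input; do
        # An unmatched glob stays literal, so skip paths that do not exist.
        [ -e "$f" ] || continue
        # -L follows the symlinks that /sys/class uses for each device.
        mode=$(stat -L -c '%a' "$f") || continue
        # Any group/other read bit (044) means no privilege is needed.
        if [ $(( 0$mode & 044 )) -ne 0 ]; then
            printf '%s mode=%s\n' "$f" "$mode"
        fi
    done
)

# Empty output means every counter found is restricted to its owner.
audit_energy_perms "${SYSFS_ROOT:-/sys}"
```
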

Firefox 104 released

Posted Aug 25, 2022 11:15 UTC (Thu) by imphil (subscriber, #62487) [Link]

What granularity do Windows and macOS provide, compared to Linux, assuming that the interfaces on macOS and Windows are safe to use?

Firefox 104 released

Posted Aug 24, 2022 10:29 UTC (Wed) by sweimann (subscriber, #762) [Link]

Power monitoring only works on Win11 and macOS with Apple silicon (M1/M2).


Copyright © 2022, Eklektix, Inc.