
Firefox 104 released

Firefox 104 released

Posted Aug 24, 2022 14:42 UTC (Wed) by flussence (guest, #85566)
In reply to: Firefox 104 released by deater
Parent article: Firefox 104 released

> Do you have more info on that? I'm having trouble searching it up.

Here's a summary, and the commit message for 9049572fb has more details:
https://lkml.iu.edu/hypermail/linux/kernel/2104.3/01630.html



Firefox 104 released

Posted Aug 24, 2022 15:32 UTC (Wed) by farnz (subscriber, #17727) [Link]

For those without a local copy of the kernel git tree, this is commit 9049572fb and it references PLATYPUS: Software-based Power Side-Channel Attacks on x86 (DOI: 10.1109/SP40001.2021.00063, paywalled) as triggering the decision to remove the driver.

Abstract for those without full-text access:

Power side-channel attacks exploit variations in power consumption to extract secrets from a device, e.g., cryptographic keys. Prior attacks typically required physical access to the target device and specialized equipment such as probes and a high-resolution oscilloscope. In this paper, we present PLATYPUS attacks, which are novel software-based power side-channel attacks on Intel server, desktop, and laptop CPUs. We exploit unprivileged access to the Intel Running Average Power Limit (RAPL) interface that exposes values directly correlated with power consumption, forming a low-resolution side channel. We show that with sufficient statistical evaluation, we can observe variations in power consumption, which distinguish different instructions and different Hamming weights of operands and memory loads. This enables us to not only monitor the control flow of applications but also to infer data and extract cryptographic keys. We demonstrate how an unprivileged attacker can leak AES-NI keys from Intel SGX and the Linux kernel, break kernel address-space layout randomization (KASLR), infer secret instruction streams, and establish a timing-independent covert channel. We also present a privileged attack on mbed TLS, utilizing precise execution control to recover RSA keys from an SGX enclave. We discuss countermeasures and show that mitigating these attacks in a privileged context is not trivial.

Firefox 104 released

Posted Aug 28, 2022 9:31 UTC (Sun) by geuder (subscriber, #62854) [Link] (3 responses)

Excuse my ignorance, I am largely unfamiliar with hwmon. Why are privileged-only drivers unacceptable? Of course I don't want my browser and other untrusted code to access sensitive data. But as root I want to have full access to my hardware.

Firefox 104 released

Posted Aug 28, 2022 10:51 UTC (Sun) by mjg59 (subscriber, #23239) [Link] (2 responses)

Being root does not inherently mean that you should have direct access to secrets that are held by the kernel, for instance. As a device owner you should have the ability to make that possible, but there's no reason in general that any runtime process running as root that has a vulnerability should be able to extract my disk encryption key.

Firefox 104 released

Posted Aug 28, 2022 12:34 UTC (Sun) by geuder (subscriber, #62854) [Link] (1 responses)

Right, the old model of root can do everything has been known to be not enough for ages. Then we got CAP_SYS_MAINTAINER which did not really help that much...

In a single-user system like my Linux workstation, or also any R&D system I need to do performance analysis on, full access is what I want.

On the other side, having my code running in the cloud doesn't make me want the sysadmin or even my virtual neighbor to be able to extract my keys. But with current hardware that's never fully impossible, at least not in the sysadmin case.

What surprised me here is that a Linux driver has been removed, obviously with the argument that it can be misused by root? Or what was the exact argument for why privileged-only drivers should not exist in hwmon? It feels like with this argument a lot of code would need to be removed from the kernel.

Firefox 104 released

Posted Sep 9, 2022 19:43 UTC (Fri) by flussence (guest, #85566) [Link]

The problem was that it created the first instance of a bunch of chmod-0400 files in /sys/class/hwmon, and it turns out libsensors has no grace when it's unexpectedly told "no" - error spam everywhere in `sensors` output. That constitutes a breakage of the kernel's stable userspace API rule and the only solution was to revert it outright.
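An added example, not part of the thread or of any project mentioned in it: a small audit that reports which energy-counter attributes under a sysfs class directory are readable without privilege, plus a reader that treats a refusal as "no value" instead of an error. The `powercap/*/energy_uj` location, the function names and the sample tree are assumptions of this example; the tree is constructed so the code runs on any Linux machine.

```python
import os
import stat
import tempfile
from pathlib import Path

# Energy counters: hwmon "energyN_input" attributes and powercap "energy_uj".
# The powercap pattern is an assumption of this example, not from the thread.
PATTERNS = ("hwmon/hwmon*/energy*_input", "powercap/*/energy_uj")


def audit_energy_attrs(class_root="/sys/class"):
    """Return {path: 'unprivileged-readable' | 'owner-only'} from mode bits."""
    report = {}
    for pattern in PATTERNS:
        for attr in sorted(Path(class_root).glob(pattern)):
            mode = attr.stat().st_mode
            exposed = mode & (stat.S_IRGRP | stat.S_IROTH)
            report[str(attr)] = "unprivileged-readable" if exposed else "owner-only"
    return report


def read_attr(path):
    """Read one attribute; a refusal or missing file yields None, not an error."""
    try:
        return Path(path).read_text().strip()
    except OSError:  # includes PermissionError on 0400 files
        return None


def build_sample_tree():
    """Constructed stand-in for /sys/class so the audit runs anywhere."""
    root = Path(tempfile.mkdtemp())
    for rel, mode in (("hwmon/hwmon0/energy1_input", 0o400),
                      ("hwmon/hwmon1/energy1_input", 0o444),
                      ("hwmon/hwmon1/temp1_input", 0o444),
                      ("powercap/intel-rapl:0/energy_uj", 0o400)):
        f = root / rel
        f.parent.mkdir(parents=True, exist_ok=True)
        f.write_text("123456\n")
        os.chmod(f, mode)
    return root


if __name__ == "__main__":
    for path, verdict in audit_energy_attrs(build_sample_tree()).items():
        print(f"{verdict:22} {path}")
```

On a real system, call `audit_energy_attrs()` with its default root; any `unprivileged-readable` entry is an energy counter that ordinary processes can sample.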

