points by westurner 3 years ago

# Infosec Memory Safety

## Hardware

- Memory protection: https://en.wikipedia.org/wiki/Memory_protection

- NX Bit: https://en.wikipedia.org/wiki/NX_bit

- Can non-compiled languages (e.g. those with mutable code objects like Python) utilize the NX bit that the processor supports?

- Can TLA+ find side-channels (which bypass all software memory protection features other than encryption-in-RAM)?

- How do DMA and IOMMU hardware features impact software memory safety controls? https://news.ycombinator.com/item?id=23993763

- DMA: Direct Memory Access

- DMA attack > Mitigations: https://en.wikipedia.org/wiki/DMA_attack

- IOMMU: I/O Memory Management Unit; GPUs, Virtualization, https://en.wikipedia.org/wiki/Input%E2%80%93output_memory_ma...

- Kernel IOMMU parameters: Ctrl-F "iommu": https://www.kernel.org/doc/html/latest/admin-guide/kernel-pa...

- RDMA: Remote direct memory access https://en.wikipedia.org/wiki/Remote_direct_memory_access

## Software

- Type safety > Memory management and type safety: https://en.wikipedia.org/wiki/Type_safety#Memory_management_...

- Memory safety > Types of memory errors: https://en.wikipedia.org/wiki/Memory_safety#Types_of_memory_...

- Template:Memory management https://en.wikipedia.org/wiki/Template:Memory_management

- Category:Memory_management https://en.wikipedia.org/wiki/Category:Memory_management

- Reference (computer science) https://en.wikipedia.org/wiki/Reference_(computer_science)

- Pointer (computer programming) https://en.wikipedia.org/wiki/Pointer_(computer_programming)

- Smart pointer (computer programming) in C++: unique_ptr, shared_ptr and weak_ptr; Python: weakref, Arrow Plasma IPC, https://en.wikipedia.org/wiki/Smart_pointer

- Manual Memory Management > Resource Acquisition Is Initialization https://en.wikipedia.org/wiki/Manual_memory_management#Resou...

- Resource acquisition is initialization (C++ (1980s), D, Ada, Vala, Rust), #Reference_counting (Perl, Python (CPython), PHP) https://en.wikipedia.org/wiki/Resource_acquisition_is_initia...

- Ada > Language constructs > Concurrency https://en.wikipedia.org/wiki/Ada_(programming_language)#Con...

- C_dynamic_memory_allocation#Common_errors: https://en.wikipedia.org/wiki/C_dynamic_memory_allocation#Co...

- Python 3 > C-API > Memory Management: https://docs.python.org/3/c-api/memory.html

- The Rust Programming Language > 4. Understanding Ownership > 4.1. What is Ownership? https://doc.rust-lang.org/book/ch04-00-understanding-ownersh...

- The Rust Programming Language > 6. Fearless Concurrency > Using Message Passing to Transfer Data Between Threads https://doc.rust-lang.org/book/ch16-02-message-passing.html#...

> One increasingly popular approach to ensuring safe concurrency is message passing, where threads or actors communicate by sending each other messages containing data. Here’s the idea in a slogan from the Go language documentation: “Do not communicate by sharing memory; instead, share memory by communicating.”

> To accomplish message-sending concurrency, Rust's standard library provides an implementation of channels. A channel is a general programming concept by which data is sent from one thread to another.

> You can imagine a channel in programming as being like a directional channel of water, such as a stream or a river. If you put something like a rubber duck into a river, it will travel downstream to the end of the waterway.

- The Rust Programming Language > 15. Smart Pointers > Smart Pointers: https://doc.rust-lang.org/book/ch15-00-smart-pointers.html

- The Rust Programming Language > 19. Advanced Features > Unsafe Rust: https://doc.rust-lang.org/book/ch19-01-unsafe-rust.html

- Secure Rust Guidelines > Memory management > Checklist > Memory management: https://anssi-fr.github.io/rust-guide/05_memory.html

- Go 101 > "Type-Unsafe Pointers" https://go101.org/article/unsafe.html https://pkg.go.dev/unsafe

- https://github.com/rust-secure-code/projects#side-channel-vu...

- Segmentation fault > Causes, Examples: https://en.wikipedia.org/wiki/Segmentation_fault

- "CWE CATEGORY: Pointer Issues" https://cwe.mitre.org/data/definitions/465.html

- "CWE CATEGORY: Memory Buffer Errors" https://cwe.mitre.org/data/definitions/1218.html

- "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer" https://cwe.mitre.org/data/definitions/119.html

- "CWE CATEGORY: SEI CERT C Coding Standard - Guidelines 08. Memory Management (MEM)" https://cwe.mitre.org/data/definitions/1162.html

- "CWE CATEGORY: CERT C++ Secure Coding Section 08 - Memory Management (MEM)" https://cwe.mitre.org/data/definitions/876.html

- SEI CERT C Coding Standard > "Rule 08. Memory Management (MEM)" https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?pa...

- SEI CERT C Coding Standard > "Rec. 08. Memory Management (MEM)" https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?pa...

- Invariance (computer science) https://en.wikipedia.org/wiki/Invariant_(mathematics)#Invari...

- TLA+ Model checker https://en.wikipedia.org/wiki/TLA%2B#Model_checker > The TLC model checker builds a finite state model of TLA+ specifications for checking invariance properties.

- Data remanence; after the process fails or is ended, RAM is not zeroed: https://en.wikipedia.org/wiki/Data_remanence

- Memory debugger; valgrind, https://en.wikipedia.org/wiki/Memory_debugger

- awesome-safety-critical https://awesome-safety-critical.readthedocs.io/en/latest/#so... ; Software Safety Standards, Handbooks; Formal Verification; backup/ https://github.com/stanislaw/awesome-safety-critical/tree/ma...

- > Additional lists of static analysis, dynamic analysis, SAST, DAST, and other source code analysis tools: https://news.ycombinator.com/item?id=24511280

westurner 3 years ago

TEE Trusted Execution Environment > Hardware support, TEE Operating Systems: https://en.wikipedia.org/wiki/Trusted_execution_environment#...

List of [SGX,] vulnerabilities: https://en.wikipedia.org/wiki/Software_Guard_Extensions#List...

Protection Ring: https://en.wikipedia.org/wiki/Protection_ring ... Memory Segmentation: https://en.wikipedia.org/wiki/Memory_segmentation

.data segment: https://en.wikipedia.org/wiki/Data_segment

.code segment: https://en.wikipedia.org/wiki/Code_segment

NX bit: https://en.wikipedia.org/wiki/No-execute_bit

Arbitrary code execution: https://en.wikipedia.org/wiki/Arbitrary_code_execution :

> This type of attack exploits the fact that most computers (which use a Von Neumann architecture) do not make a general distinction between code and data,[6][7] so that malicious code can be camouflaged as harmless input data. Many newer CPUs have mechanisms to make this harder, such as a no-execute bit. [8][9]

> - Memory debugger; valgrind, https://en.wikipedia.org/wiki/Memory_debugger

"The GDB developer's GNU Debugger tutorial, Part 1: Getting started with the debugger" (2021) https://developers.redhat.com/blog/2021/04/30/the-gdb-develo...

"Debugging Python C extensions with GDB" (2021) https://developers.redhat.com/articles/2021/09/08/debugging-... & "Python Devguide" > "GDB support" https://devguide.python.org/advanced-tools/gdb/ :

  run, where, frame, p(rint),
  py-list, py-up/py-down, py-bt, py-locals, py-print

/? site:github.com inurl:awesome inurl:gdb https://www.google.com/search?q=site%3Agithub.com+inurl%3Aaw...

/? vscode debugger: https://www.google.com/search?q=vscode+debugger

/? jupyterlab debugger: https://www.google.com/search?q=jupyterlab+debugger

Ghidra: https://en.wikipedia.org/wiki/Ghidra

> Ghidra can be used as a debugger since Ghidra 10.0. Ghidra's debugger supports debugging user-mode Windows programs via WinDbg, and Linux programs via GDB. [11]

Ghidra 10.0 (2021) Release Notes: https://ghidra-sre.org/releaseNotes_10.0beta.html

"A first look at Ghidra's Debugger - Game Boy Advance Edition" (2022) https://wrongbaud.github.io/posts/ghidra-debugger/ :

> - Debugging a program with Ghidra using the GDB stub

> - Use the debugging capability to help us learn about how passwords are processed for a GBA game

/? site:github.com inurl:awesome ollydbg ghidra memory https://www.google.com/search?q=site%3Agithub.com+inurl%3Aaw...

Memory forensics: https://en.wikipedia.org/wiki/Memory_forensics

awesome-malware-analysis > memory-forensics: https://github.com/rshipp/awesome-malware-analysis/blob/main...

github.com/topics/memory-forensics: https://github.com/topics/memory-forensics :

- microsoft/avml: https://github.com/microsoft/avml :

    /dev/crash
    /proc/kcore
    /dev/mem

> NOTE: If the kernel feature `kernel_lockdown` is enabled, AVML will not be able to acquire memory.