Reflections on Rousting Rust?
Upcoming SlideShare
Loading in...5
×
 

Reflections on Rousting Rust?

on

  • 1,917 views

Backdoors in the Linux Kernel

Backdoors in the Linux Kernel
Backdoors in Rust
Dining Philosophers

Statistics

Views

Total Views
1,917
Views on SlideShare
315
Embed Views
1,602

Actions

Likes
0
Downloads
3
Comments
0

5 Embeds 1,602

http://rust-class.org 950
http://www.cs.virginia.edu 632
http://www.rust-class.org 17
https://www.google.com 2
http://www.google.com 1

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

CC Attribution-NonCommercial-ShareAlike LicenseCC Attribution-NonCommercial-ShareAlike LicenseCC Attribution-NonCommercial-ShareAlike License

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Reflections on Rousting Rust? Reflections on Rousting Rust? Presentation Transcript

  • Plan for Today • Backdoors in Linux and Rust? • Nishant’s Talk Today • Midterm – Last chance to ask questions on anything we’ve covered so far (until after Midterm) • Dining Philosophers 10 October 2013 University of Virginia cs4414 1
  • Is there a backdoor in the Linux kernel? 10 October 2013 University of Virginia cs4414 2
  • Detected Nearly Successful Attempt (2003) 10 October 2013 University of Virginia cs4414 3 https://freedom-to-tinker.com/blog/felten/the-linux-backdoor-attempt-of-2003/ if ((options == (__WCLONE|__WALL)) && (current->uid = 0)) retval = -EINVAL; Code added to wait4 (kernel-level) program to “support new options for root-level user”:
  • 10 October 2013 University of Virginia cs4414 4
  • 10 October 2013 University of Virginia cs4414 5
  • Could this happen with Rust? 10 October 2013 University of Virginia cs4414 6 if ((options == (__WCLONE|__WALL)) && (current_uid = 0)) { retval = -EINVAL; } gash> rustc assign.rs assign.rs:9:42: 9:60 error: mismatched types: expected `bool` but found `()` (expected bool but found ()) assign.rs:9 if ((options == (__WCLONE|__WALL)) && (current_uid = 0)) { ^~~~~~~~~~~~~~~~~~ error: aborting due to previous error
  • How hard would it be to place a “backdoor” in Rust? 10 October 2013 University of Virginia cs4414 7 Constructing a backdoor in Rust: any Rust program that does not use unsafe, but for which the compiler outputs a binary that is not type safe.
  • 10 October 2013 University of Virginia cs4414 8 Ken Thompson’s 1983 Turing Award Acceptance Speech
  • Thompson’s “Trusting Trust” 10 October 2013 University of Virginia cs4414 9 Introduce a compiler bug will recognize “login” and compile it to include a backdoor login Bootstrap compiler Remove evidence of bug – its baked into future compilers through the bootstrapped binary!
  • 10 October 2013 University of Virginia cs4414 10 Possible project idea: verify or (more likely) disprove this!
  • Nishant’s Talk Today! 10 October 2013 University of Virginia cs4414 11 6pm, Olsson 120
  • Midterm Exam Out now: https://docs.google.com/forms/d/113q31QJ3X-56XGXrElH_BCZts31qzKFxRbN57Cuyt0k/ 10 October 2013 University of Virginia cs4414 12 (Easier to follow link will be available shortly after class today.) 6 short answer questions (taken or adapted from the class notes) 1 longer answer synthesis question 1 programming question
  • Efficient Grading Algorithm 10 October 2013 University of Virginia cs4414 13 use std::rand; fn grade_midterm(answers: [~str]) -> float { let numq = answers.length; let urand = rand::random::<uint>() % numq; if good_answer(answers[urand]) { 1.0 } else if good_answer(answers[(urand + 1) % numq]) && good_answer(answers[(urand + 2) % numq]) { 1.0 } else { … // grade all answers } }
  • Efficient Grading Algorithm + Don’t Miss Interesting Answers 10 October 2013 University of Virginia cs4414 14 use std::rand; fn grade_midterm(answers: [~str]) -> float { if (/* answered question 9 */) return great_answer(answers[9]) && possibly look at other answers let numq = answers.length; let urand = rand::random::<uint>() % numq; if good_answer(answers[urand]) { 1.0 } else if good_answer(answers[(urand + 1) % numq]) && good_answer(answers[(urand + 2) % numq]) { 1.0 } else { … // grade all answers } }
  • Questions about Midterm 10 October 2013 University of Virginia cs4414 15
  • 10 October 2013 University of Virginia cs4414 16 Edsger Dijkstra (1930-2002) Sir Tony Hoare (born 1934)
  • 10 October 2013 University of Virginia cs4414 17
  • 10 October 2013 University of Virginia cs4414 18 Heraclitus Socrates Plato Aristotle Euclid 5 Dining Philosophers 5 Chopsticks (one between each pair) Need 2 chopsticks to eat
  • Djikstra’s (Hygenic) Version 10 October 2013 University of Virginia cs4414 19 In the canonical problem of the five dining philosophers, the philosophers, each of which alternatingly “thinks” and “eats”, are arranged cyclically, and no two neighbours may eat simultaneously. This constraint can be represented by placing the philosophers at the edges of a regular pentagon, each edge representing a pair- wise exclusion constraint between the two philosophers situated at its ends. Is this equivalent to the shared chopsticks?
  • Solution Desiderata • No communication required • No deadlock • No starvation: everyone gets to eat eventually • Fair: each philosopher has equal likelihood of getting to eat 10 October 2013 University of Virginia cs4414 20
  • 10 October 2013 University of Virginia cs4414 21 Heraclitus Socrates Plato Aristotle Euclid Could all the philosophers starve?
  • 10 October 2013 University of Virginia cs4414 22
  • Dijkstra’s Solution (Idea) Number the chopsticks, always grab lower- numbered stick first Does it matter how the chopsticks are numbered? 10 October 2013 University of Virginia cs4414 23
  • How does UVaCOLLAB solve this? 10 October 2013 University of Virginia cs4414 24 “UVaCollab is an advanced web-based course and collaboration environment”
  • 10 October 2013 University of Virginia cs4414 25 “Best Practices for Working in UVaCollab” • Don't allow multiple graders to grade the same students at the same time, although it's fine to grade different sections of students. • Don't open multiple browser tabs and windows while engaged in grading activities. • Avoid double-clicking links and buttons in UVaCollab as doing so may slow down response times. A single-click is all it takes.
  • The Real Challenge was to “Invent the Chopstick” Binary Semaphore Lock that can be held by up to one process 10 October 2013 University of Virginia cs4414 26
  • 10 October 2013 University of Virginia cs4414 27 type Semaphore = Option<uint> ; // either None (available) or owner static mut count: uint = 0; // protected by lock static mut lock: Semaphore = None; fn grab_lock(id: uint) { while (lock.is_some()) { ; } // wait for lock lock = Some(id); } fn release_lock() { lock = None; } fn update_count(id: uint) { grab_lock(id); count += 1; println(fmt!("Count updated by %?: %?", id, count)); release_lock(); } fn main() { for num in range(0u, 10) { do spawn { for _ in range(0u, 1000) { update_count(num); } } } }
  • 10 October 2013 University of Virginia cs4414 28 type Semaphore = Option<uint> ; // either None (available) or owner static mut count: uint = 0; // protected by lock static mut lock: Semaphore = None; fn grab_lock(id: uint) { while (lock.is_some()) { ; } // wait for lock lock = Some(id); } fn release_lock() { lock = None; } fn update_count(id: uint) { grab_lock(id); count += 1; println(fmt!("Count updated by %?: %?", id, count)); release_lock(); } fn main() { for num in range(0u, 10) { do spawn { for _ in range(0u, 1000) { update_count(num); } } } } FAIL! This is unsafe: semaphore.rs:9:11: 9:15 error: use of mutable static requires unsafe function or block semaphore.rs:9 while (lock.is_some()) { …
  • 10 October 2013 University of Virginia cs4414 29 type Semaphore = Option<uint> ; // either None (available) or owner static mut count: uint = 0; // protected by lock static mut lock: Semaphore = None; fn grab_lock(id: uint) { unsafe { while (lock.is_some()) { ; } lock = Some(id); } } fn release_lock() { unsafe { lock = None; } } fn update_count(id: uint) { unsafe { grab_lock(id); count += 1; println(fmt!("Count updated by %?: %?", id, count)); release_lock(); } } fn main() { for num in range(0u, 10) { do spawn { for _ in range(0u, 1000) { update_count(num); } } } } What will the final count be?
  • 10 October 2013 University of Virginia cs4414 30 gash> ./semaphore > run1.txt gash> ./semaphore > run2.txt gash> ./semaphore > run3.txt gash> tail -1 run1.txt Count updated by 8u: 9968u gash> tail -1 run2.txt Count updated by 9u: 9951u gash> tail -1 run3.txt Count updated by 9u: 9950u
  • 10 October 2013 University of Virginia cs4414 31 type Semaphore = Option<uint> ; // either None (available) or owner static mut count: uint = 0; // protected by lock static mut lock: Semaphore = None; fn grab_lock(id: uint) { unsafe { while (lock.is_some()) { ; } lock = Some(id); } } fn release_lock() { unsafe { lock = None; } } fn update_count(id: uint) { unsafe { grab_lock(id); count += 1; println(fmt!("Count updated by %?: %?", id, count)); release_lock(); } } fn main() { for num in range(0u, 10) { do spawn { for _ in range(0u, 1000) { update_count(num); } } } }
  • 10 October 2013 University of Virginia cs4414 32 fn update_count(id: uint) { unsafe { grab_lock(id); assert!(match lock { None => false, Some(lockee) => lockee == id}); count += 1; println(fmt!("Count updated by %?: %?", id, count)); release_lock(); } } Count updated by 1u: 710u Count updated by 2u: 710u Count updated by 1u: 711u Count updated by 2u: 713uCount updated by 1u: 713u Count updated by 2u: 714u Count updated by 2u: 715u task <unnamed> failed at 'assertion failed: match lock { None => false, Some(lockee) => lockee == id }', semaphore.rs:26 Count updated by 2u: 716u Count updated by 2u: 717u
  • http://rosettacode.org/wiki/Dining_ philosophers 10 October 2013 University of Virginia cs4414 33
  • Charge • If you don’t want to do the midterm, contribute a satisfactory Dining Philosophers in Rust to rosettacode.org • Otherwise (unless you are already exempt by solving a challenge), submit the midterm by 11:59pm Monday, October 14 10 October 2013 University of Virginia cs4414 34