Reflections on Rousting Rust?
Backdoors in the Linux Kernel
Backdoors in Rust
Dining Philosophers

Published in: Technology, Education

  1. Plan for Today
     • Backdoors in Linux and Rust?
     • Nishant’s Talk Today
     • Midterm
       – Last chance to ask questions on anything we’ve covered so far (until after Midterm)
     • Dining Philosophers
     10 October 2013 University of Virginia cs4414
  2. Is there a backdoor in the Linux kernel?
  3. Detected Nearly Successful Attempt (2003)
     https://freedom-to-tinker.com/blog/felten/the-linux-backdoor-attempt-of-2003/
     Code added to wait4 (kernel-level) program to “support new options for root-level user”:

         if ((options == (__WCLONE|__WALL)) && (current->uid = 0))
             retval = -EINVAL;
  6. Could this happen with Rust?

         if ((options == (__WCLONE|__WALL)) && (current_uid = 0)) {
             retval = -EINVAL;
         }

         gash> rustc assign.rs
         assign.rs:9:42: 9:60 error: mismatched types: expected `bool` but found `()` (expected bool but found ())
         assign.rs:9     if ((options == (__WCLONE|__WALL)) && (current_uid = 0)) {
                                                               ^~~~~~~~~~~~~~~~~~
         error: aborting due to previous error
  7. How hard would it be to place a “backdoor” in Rust?
     Constructing a backdoor in Rust: any Rust program that does not use unsafe, but for which the compiler outputs a binary that is not type safe.
  8. Ken Thompson’s 1983 Turing Award Acceptance Speech
  9. Thompson’s “Trusting Trust”
     • Introduce a compiler bug that will recognize “login” and compile it to include a backdoor login
     • Bootstrap compiler
     • Remove evidence of bug – it’s baked into future compilers through the bootstrapped binary!
  10. Possible project idea: verify or (more likely) disprove this!
  11. Nishant’s Talk Today! 6pm, Olsson 120
  12. Midterm Exam
      Out now: https://docs.google.com/forms/d/113q31QJ3X-56XGXrElH_BCZts31qzKFxRbN57Cuyt0k/
      (Easier to follow link will be available shortly after class today.)
      • 6 short answer questions (taken or adapted from the class notes)
      • 1 longer answer synthesis question
      • 1 programming question
  13. Efficient Grading Algorithm

          use std::rand;

          fn grade_midterm(answers: [~str]) -> float {
              let numq = answers.length;
              let urand = rand::random::<uint>() % numq;
              if good_answer(answers[urand]) {
                  1.0
              } else if good_answer(answers[(urand + 1) % numq])
                        && good_answer(answers[(urand + 2) % numq]) {
                  1.0
              } else {
                  … // grade all answers
              }
          }
  14. Efficient Grading Algorithm + Don’t Miss Interesting Answers

          use std::rand;

          fn grade_midterm(answers: [~str]) -> float {
              if (/* answered question 9 */)
                  return great_answer(answers[9]) && possibly look at other answers
              let numq = answers.length;
              let urand = rand::random::<uint>() % numq;
              if good_answer(answers[urand]) {
                  1.0
              } else if good_answer(answers[(urand + 1) % numq])
                        && good_answer(answers[(urand + 2) % numq]) {
                  1.0
              } else {
                  … // grade all answers
              }
          }
  15. Questions about Midterm
  16. Edsger Dijkstra (1930-2002); Sir Tony Hoare (born 1934)
  18. 5 Dining Philosophers: Heraclitus, Socrates, Plato, Aristotle, Euclid
      5 Chopsticks (one between each pair)
      Need 2 chopsticks to eat
  19. Dijkstra’s (Hygienic) Version
      In the canonical problem of the five dining philosophers, the philosophers, each of which alternatingly “thinks” and “eats”, are arranged cyclically, and no two neighbours may eat simultaneously. This constraint can be represented by placing the philosophers at the edges of a regular pentagon, each edge representing a pair-wise exclusion constraint between the two philosophers situated at its ends.
      Is this equivalent to the shared chopsticks?
  20. Solution Desiderata
      • No communication required
      • No deadlock
      • No starvation: everyone gets to eat eventually
      • Fair: each philosopher has equal likelihood of getting to eat
  21. Heraclitus, Socrates, Plato, Aristotle, Euclid
      Could all the philosophers starve?
  23. Dijkstra’s Solution (Idea)
      Number the chopsticks, always grab lower-numbered stick first
      Does it matter how the chopsticks are numbered?
  24. How does UVaCOLLAB solve this?
      “UVaCollab is an advanced web-based course and collaboration environment”
  25. “Best Practices for Working in UVaCollab”
      • Don't allow multiple graders to grade the same students at the same time, although it's fine to grade different sections of students.
      • Don't open multiple browser tabs and windows while engaged in grading activities.
      • Avoid double-clicking links and buttons in UVaCollab as doing so may slow down response times. A single-click is all it takes.
  26. The Real Challenge was to “Invent the Chopstick”
      Binary Semaphore: Lock that can be held by up to one process
  27. First attempt:

          type Semaphore = Option<uint> ; // either None (available) or owner
          static mut count: uint = 0; // protected by lock
          static mut lock: Semaphore = None;

          fn grab_lock(id: uint) {
              while (lock.is_some()) { ; } // wait for lock
              lock = Some(id);
          }

          fn release_lock() {
              lock = None;
          }

          fn update_count(id: uint) {
              grab_lock(id);
              count += 1;
              println(fmt!("Count updated by %?: %?", id, count));
              release_lock();
          }

          fn main() {
              for num in range(0u, 10) {
                  do spawn {
                      for _ in range(0u, 1000) {
                          update_count(num);
                      }
                  }
              }
          }
  28. FAIL! This is unsafe:

          type Semaphore = Option<uint> ; // either None (available) or owner
          static mut count: uint = 0; // protected by lock
          static mut lock: Semaphore = None;

          fn grab_lock(id: uint) {
              while (lock.is_some()) { ; } // wait for lock
              lock = Some(id);
          }

          fn release_lock() {
              lock = None;
          }

          fn update_count(id: uint) {
              grab_lock(id);
              count += 1;
              println(fmt!("Count updated by %?: %?", id, count));
              release_lock();
          }

          fn main() {
              for num in range(0u, 10) {
                  do spawn {
                      for _ in range(0u, 1000) {
                          update_count(num);
                      }
                  }
              }
          }

          semaphore.rs:9:11: 9:15 error: use of mutable static requires unsafe function or block
          semaphore.rs:9     while (lock.is_some()) {
          …
  29. What will the final count be?

          type Semaphore = Option<uint> ; // either None (available) or owner
          static mut count: uint = 0; // protected by lock
          static mut lock: Semaphore = None;

          fn grab_lock(id: uint) {
              unsafe {
                  while (lock.is_some()) { ; }
                  lock = Some(id);
              }
          }

          fn release_lock() {
              unsafe {
                  lock = None;
              }
          }

          fn update_count(id: uint) {
              unsafe {
                  grab_lock(id);
                  count += 1;
                  println(fmt!("Count updated by %?: %?", id, count));
                  release_lock();
              }
          }

          fn main() {
              for num in range(0u, 10) {
                  do spawn {
                      for _ in range(0u, 1000) {
                          update_count(num);
                      }
                  }
              }
          }
  30. Three runs:

          gash> ./semaphore > run1.txt
          gash> ./semaphore > run2.txt
          gash> ./semaphore > run3.txt
          gash> tail -1 run1.txt
          Count updated by 8u: 9968u
          gash> tail -1 run2.txt
          Count updated by 9u: 9951u
          gash> tail -1 run3.txt
          Count updated by 9u: 9950u
  31. The same program again:

          type Semaphore = Option<uint> ; // either None (available) or owner
          static mut count: uint = 0; // protected by lock
          static mut lock: Semaphore = None;

          fn grab_lock(id: uint) {
              unsafe {
                  while (lock.is_some()) { ; }
                  lock = Some(id);
              }
          }

          fn release_lock() {
              unsafe {
                  lock = None;
              }
          }

          fn update_count(id: uint) {
              unsafe {
                  grab_lock(id);
                  count += 1;
                  println(fmt!("Count updated by %?: %?", id, count));
                  release_lock();
              }
          }

          fn main() {
              for num in range(0u, 10) {
                  do spawn {
                      for _ in range(0u, 1000) {
                          update_count(num);
                      }
                  }
              }
          }
  32. Checking who holds the lock:

          fn update_count(id: uint) {
              unsafe {
                  grab_lock(id);
                  assert!(match lock { None => false, Some(lockee) => lockee == id});
                  count += 1;
                  println(fmt!("Count updated by %?: %?", id, count));
                  release_lock();
              }
          }

          Count updated by 1u: 710u
          Count updated by 2u: 710u
          Count updated by 1u: 711u
          Count updated by 2u: 713uCount updated by 1u: 713u
          Count updated by 2u: 714u
          Count updated by 2u: 715u
          task <unnamed> failed at 'assertion failed: match lock { None => false, Some(lockee) => lockee == id }', semaphore.rs:26
          Count updated by 2u: 716u
          Count updated by 2u: 717u
  33. http://rosettacode.org/wiki/Dining_philosophers
  34. Charge
      • If you don’t want to do the midterm, contribute a satisfactory Dining Philosophers in Rust to rosettacode.org
      • Otherwise (unless you are already exempt by solving a challenge), submit the midterm by 11:59pm Monday, October 14
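
An added example, not code from the lecture slides: slide 23's "grab the lower-numbered stick first" rule combined with a working version of the binary semaphore from slides 26 to 32, written in current Rust rather than the 2013 dialect shown above. The names `Chopstick`, `dine` and `FREE` are assumptions of this sketch; the lock tests and sets in a single `compare_exchange`, which closes the window between `lock.is_some()` and `lock = Some(id)` that lost updates in the slides' runs.

```rust
use std::sync::atomic::{AtomicUsize, Ordering};
use std::sync::Arc;
use std::thread;

const FREE: usize = usize::MAX; // sentinel (assumed name): nobody holds the chopstick
/// Binary semaphore: `owner` is FREE or the holder's id, like the slides' Option<uint>.
struct Chopstick {
    owner: AtomicUsize,
    uses: AtomicUsize, // bumped by a separate load and store, so it relies on the lock
}
impl Chopstick {
    /// Test and set in ONE atomic step; the slides' grab_lock tested, then set.
    fn grab(&self, id: usize) {
        while self.owner.compare_exchange(FREE, id, Ordering::Acquire, Ordering::Relaxed).is_err() {
            thread::yield_now(); // held by someone else: let them run
        }
    }
    /// Same invariant as the slides' assert!: only the holder may release.
    fn release(&self, id: usize) {
        assert_eq!(self.owner.swap(FREE, Ordering::Release), id);
    }
}

/// Runs `n` philosophers (n >= 2) for `rounds` meals each; returns per-chopstick use counts.
fn dine(n: usize, rounds: usize) -> Vec<usize> {
    let sticks: Arc<Vec<Chopstick>> = Arc::new((0..n).map(|_| Chopstick {
        owner: AtomicUsize::new(FREE), uses: AtomicUsize::new(0),
    }).collect());
    let handles: Vec<_> = (0..n).map(|id| {
        let sticks = Arc::clone(&sticks);
        thread::spawn(move || {
            // Philosopher `id` sits between sticks id and id+1; lower-numbered stick first.
            let (lo, hi) = (id.min((id + 1) % n), id.max((id + 1) % n));
            for _ in 0..rounds {
                sticks[lo].grab(id);
                sticks[hi].grab(id);
                for &i in [lo, hi].iter() {
                    let seen = sticks[i].uses.load(Ordering::Relaxed); // plain read ...
                    sticks[i].uses.store(seen + 1, Ordering::Relaxed); // ... then write
                }
                sticks[hi].release(id);
                sticks[lo].release(id);
            }
        })
    }).collect();
    for h in handles { h.join().unwrap(); }
    sticks.iter().map(|s| s.uses.load(Ordering::Relaxed)).collect()
}

fn main() { println!("{:?}", dine(5, 1000)); }
```

Every chopstick is shared by two philosophers, so each count is exactly twice `rounds` when mutual exclusion holds; a lost update or a failed `release` assertion would mean the lock let two holders in, as in slides 30 and 32.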
