[Info-vax] Throwhammer, remote Rowhammer via RDMA (was Re: CVE-2018-8897 Privilege Escalation due to widespread misunderstanding of x86-64 privileged instruction semantics)

[already5chosen at yahoo.com]

On Friday, May 11, 2018 at 3:30:04 PM UTC+3, Simon Clubley wrote:
> On 2018-05-10, Stephen Hoffman <seaohveh at hoffmanlabs.invalid> wrote:
> >
> > More security fun, a remote rowhammer via RDMA.
> >
> > "Throwhammer: Rowhammer Attacks over the Network and Defenses"
> >
> > https://arstechnica.com/information-technology/2018/05/attackers-trigger-rowhammer-bit-flips-by-sending-network-packets-over-a-lan/ 
> >
> >
> > Which means memory-level rowhammer detection, or faster or smarter 
> > (TRR/pTRR) refresh support.  ECC alone isn't quite enough.
> >
> > DDR-related hardware updates for Itanium and Alpha systems are just not 
> > going to happen.
> >
> 
> At the rate things are developing, we are all going to be going back
> to using 32/64/128MB EDO/FPM memory based systems if we want a reasonably
> secure hardware platform.
> 

I don't want to speculate about long run, but at the short run DDR4 (made by S and H, less so by M) is less vulnerable (or completely immune?) to Rowhammer than DDR3.

> Of course, that means you won't be able to autogenerate GB of code
> to add a few numbers together and will have to actually know how
> all the layers in a computer work. :-)
> 
> I say the above in jest, but I wouldn't mind betting that some
> people are seriously wondering if returning to much older technology
> is one way to get a more secure hardware platform.
> 
> Simon.
> 
> -- 
> Simon Clubley, clubley at remove_me.eisner.decus.org-Earth.UFP
> Microsoft: Bringing you 1980s technology to a 21st century world