codius-deprecated / codius

Repository for general information about the Codius system.

Rowhammer NaCl vulnerability #7

Closed ghost closed 9 years ago

ghost commented 9 years ago

Given that NaCl is vulnerable to rowhammer attacks

CVE-2015-0565 https://code.google.com/p/nativeclient/issues/detail?id=3944 http://googleprojectzero.blogspot.fr/2015/03/exploiting-dram-rowhammer-bug-to-gain.html https://code.google.com/p/google-security-research/issues/detail?id=284

Does this not mean that Codius is similarly vulnerable, given its reliance on NaCl?

If I'm reading the above threads correctly, NaCl release 39 is affected, and CLFLUSH is removed in NaCl 40. Perhaps a hard requirement on NaCl 40+ is recommended here?

wilsonianb commented 9 years ago

Hi Jeff,

Good catch. However, Codius is currently using seccomp-bpf as the sandboxing mechanism instead of Native Client. We do not plan to utilize NaCl in the foreseeable future.

On Tue, Mar 10, 2015 at 1:34 PM, Jeff Cliff notifications@github.com wrote:

Given that NaCl is vulnerable to rowhammer attacks

http://googleprojectzero.blogspot.fr/2015/03/exploiting-dram-rowhammer-bug-to-gain.html https://code.google.com/p/google-security-research/issues/detail?id=284

Does this not mean that Codius is similarly vulnerable, given its reliance on NaCl?


wilsonianb commented 9 years ago

We'll be publishing a blog post on the subject.

tdfischer commented 9 years ago

Hi, Jeff! Thanks for taking an interest and noticing that this might apply to Codius.

Unfortunately, rowhammer is a hardware bug, so there is nothing that we can do short of recommending that Codius hosts run ECC RAM. Here's a quick blog post summary of the issue:

https://codius.org/blog/rowhammer/
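An added example, not code from this thread or from the Codius project: a POSIX shell check a host operator could run to see whether the Linux kernel's EDAC subsystem exposes an ECC-capable memory controller and how many corrected and uncorrected memory errors it has counted so far. It reads the standard sysfs attributes `ce_count` and `ue_count` under `/sys/devices/system/edac/mc/mc*`; the optional sysfs-root argument and the constructed fake tree built by `make_constructed_tree` are assumptions added so the check can be demonstrated offline.

```shell
#!/bin/sh
# Check for an ECC memory controller via the Linux EDAC sysfs interface and
# sum its corrected (ce_count) and uncorrected (ue_count) error counters.
# The first argument is the sysfs root; it defaults to /sys and is a
# parameter only so the functions can be exercised against a constructed tree.

# Returns 0 if at least one EDAC memory controller directory (mcN) exists.
edac_has_ecc() {
  root="${1:-/sys}"
  for mc in "$root"/devices/system/edac/mc/mc*; do
    [ -d "$mc" ] || continue
    return 0
  done
  return 1
}

# Prints "<corrected> <uncorrected>" summed over all memory controllers.
edac_error_counts() {
  root="${1:-/sys}"
  ce=0
  ue=0
  for mc in "$root"/devices/system/edac/mc/mc*; do
    [ -d "$mc" ] || continue
    [ -r "$mc/ce_count" ] && ce=$((ce + $(cat "$mc/ce_count")))
    [ -r "$mc/ue_count" ] && ue=$((ue + $(cat "$mc/ue_count")))
  done
  echo "$ce $ue"
}

# One-line human-readable verdict for the given sysfs root.
report() {
  root="${1:-/sys}"
  if edac_has_ecc "$root"; then
    set -- $(edac_error_counts "$root")
    echo "ECC memory controller present; corrected=$1 uncorrected=$2"
  else
    echo "no EDAC memory controller found (no ECC, or edac module not loaded)"
  fi
}

# Constructed (fake) sysfs tree imitating one memory controller that has
# logged three corrected and zero uncorrected errors. Demonstration only.
make_constructed_tree() {
  root=$(mktemp -d)
  mkdir -p "$root/devices/system/edac/mc/mc0"
  echo 3 > "$root/devices/system/edac/mc/mc0/ce_count"
  echo 0 > "$root/devices/system/edac/mc/mc0/ue_count"
  echo "$root"
}

# Run against the constructed tree, then against the real host.
report "$(make_constructed_tree)"
report
```

A missing `mcN` directory only means EDAC has nothing to report, which can be a non-ECC DIMM but also an unloaded `edac` driver or a platform without an EDAC driver, so treat "not found" as "unverified" rather than "no ECC". Because ECC corrects single-bit flips and merely detects most multi-bit ones, a corrected-error count that climbs on an otherwise idle host is the signal worth alerting on, not something to silently tolerate.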

ghost commented 9 years ago

The original rowhammer paper discusses ECC and points out it is not a very good defense against rowhammer (i.e. it helps, but not really), but if it's a seccomp-bpf/Linux/hardware issue then I guess that might be that.