search

trifectatechfoundation / sudo-rs

A memory safe implementation of sudo and su.
Other
2.88k stars 77 forks source link

Add mitigations against Rowhammer attacks #765

Closed pohlm01 closed 12 months ago

pohlm01 commented 1 year ago

Critical enums are now represented using values that are very different. It's therefore much harder to circumvent authentication with a single bit flip.

Closes #763

codecov[bot] commented 1 year ago

Codecov Report

Patch and project coverage have no change.

Comparison is base (b5eb2c6) 55.29% compared to head (80d10d2) 55.29%.

Additional details and impacted files ```diff @@ Coverage Diff @@ ## main #765 +/- ## ======================================= Coverage 55.29% 55.29% ======================================= Files 72 72 Lines 9834 9834 ======================================= Hits 5438 5438 Misses 4396 4396 ``` | [Files Changed](https://app.codecov.io/gh/memorysafety/sudo-rs/pull/765?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=memorysafety) | Coverage Δ | | |---|---|---| | [src/common/context.rs](https://app.codecov.io/gh/memorysafety/sudo-rs/pull/765?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=memorysafety#diff-c3JjL2NvbW1vbi9jb250ZXh0LnJz) | `84.09% <ø> (ø)` | | | [src/exec/event.rs](https://app.codecov.io/gh/memorysafety/sudo-rs/pull/765?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=memorysafety#diff-c3JjL2V4ZWMvZXZlbnQucnM=) | `0.00% <ø> (ø)` | | | [src/sudoers/ast.rs](https://app.codecov.io/gh/memorysafety/sudo-rs/pull/765?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=memorysafety#diff-c3JjL3N1ZG9lcnMvYXN0LnJz) | `82.76% <ø> (ø)` | | | [src/sudoers/policy.rs](https://app.codecov.io/gh/memorysafety/sudo-rs/pull/765?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=memorysafety#diff-c3JjL3N1ZG9lcnMvcG9saWN5LnJz) | `77.17% <ø> (ø)` | | | [src/sudoers/tokens.rs](https://app.codecov.io/gh/memorysafety/sudo-rs/pull/765?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=memorysafety#diff-c3JjL3N1ZG9lcnMvdG9rZW5zLnJz) | `96.42% <ø> (ø)` | |

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

squell commented 1 year ago

I'm the opposite (can read x86, but not ARM), so we can take a look at that together. :)

I've also considered suggestion replacing the Option in e.g. find_item, but that would stop being "low hanging fruit" (e.g. we use the ? syntax a lot to keep that function readable).