Redox OS Ends 2024 On A High Note With Dynamic Linking Progress, ifconfig Port

  • Jabberwocky
    Senior Member
    • Aug 2011
    • 1185

    #11
    Originally posted by mangeek View Post
    I'm really excited about Redox OS. I know it's probably destined to stay a hobbyist OS, but I've always been fascinated with the microkernel concept; it just seems so good. I wonder if a rust-based graphics stack will be part of the picture.
    How does one protect against side channel hardware attacks on microkernels, like Spectre and others? Honest question. I've done some searches before writing this question but didn't find anything that answers my question properly.

    Comment

    • zexelon
      Senior Member
      • May 2019
      • 731

      #12
      Originally posted by rafanelli View Post
      Just when I learned to use `ip -c a`, `ifconfig` makes a comeback!
      TBH ifconfig is great for sys-adminning. It dumps out pretty much everything you need to debug a host network issue with no switches, no "extras". It is always one of the first couple of packages I install these days. It's annoying how many distros actively abandon the KISS principle and leave these simple tools out of the base install for the heavyweight ip tooling.

      Comment

      • zexelon
        Senior Member
        • May 2019
        • 731

        #13
        Originally posted by Jabberwocky View Post

        How does one protect against side channel hardware attacks on microkernels, like Spectre and others? Honest question. I've done some searches before writing this question but didn't find anything that answers my question properly.
        Most likely with a TON of research. Microkernels are very uncommon in the wild and I doubt any major security researcher has touched one yet. If you want to make a fringe group name for yourself, studying this with the likes of RedoxOS and putting out a paper would probably put your name at the forefront of security in this niche.

        Personally I am super excited to see where RedoxOS goes and would also really like to know if there are any "intrinsic" security benefits to microkernels and this class of attacks.

        Comment

        • mangeek
          Senior Member
          • Dec 2012
          • 402

          #14
          Originally posted by Jabberwocky View Post

          How does one protect against side channel hardware attacks on microkernels, like Spectre and others?
          I suspect this is more appropriately a hardware/microcode issue than an OS one, but the operating systems have had to build workarounds to do things like flush buffers between certain types of operations in order to work around hardware deficiencies.

          I would assume that in a microkernel, the kernel could still have those flushes programmed in, but instead of just the kernel, the 'servers' providing some of the core services typically found in monolithic kernels might also need to have those workarounds in them.

          But imagine how that might be better! Maybe you have a bunch of apps that you don't worry about side-channel attacks with because you're not running in an environment where they're a risk, or they are trusted apps. For those, you might point them at different 'servers' that don't have the slower workarounds built in, and only apps that we worry about side-channel attacks on need to use the slower servers with the workarounds!

          Comment

          • Vorpal
            Senior Member
            • Mar 2020
            • 398

            #15
            Originally posted by zexelon View Post

            Most likely with a TON of research. Microkernels are very uncommon in the wild and I doubt any major security researcher has touched one yet. If you want to make a fringe group name for yourself, studying this with the likes of RedoxOS and putting out a paper would probably put your name at the forefront of security in this niche.

            Personally I am super excited to see where RedoxOS goes and would also really like to know if there are any "intrinsic" security benefits to microkernels and this class of attacks.
            Microkernels are only kind of rare. In the context of desktop OSes: absolutely. But there are embedded/industrial use cases where microkernels like QNX are common. And there are some really wild designs when it comes to real-time OSes targeting microcontrollers.

            But I doubt there has been much research into Spectre etc. for these. They are much less accessible to people not working in the field, they don't tend to run untrusted code (no web browsers), and for microcontrollers the CPUs tend to be simpler and may not even do speculative execution (just some very simple in-order super-scalar things).

            Comment

            • zexelon
              Senior Member
              • May 2019
              • 731

              #16
              Vorpal yes, this is a fair point. QNX is probably one of the most common OSs out there outside of desktop/mobile operating systems given its usage in automotive, where it has been proven to have some major security issues... but those were not side channel attacks in any way. Most of them were simply asking the TPS sensor to give you access to the whole car while saying please.

              I think the other major one is the L4 kernel.

              Comment

              • ayumu
                Senior Member
                • Oct 2008
                • 613

                #17
                Most remarkable is their progress on the RISC-V port, which is going to be the most important going forward.

                Comment

                • Hi-Angel
                  Senior Member
                  • Feb 2016
                  • 852

                  #18
                  Originally posted by rafanelli View Post
                  Just when I learned to use `ip -c a`[…]
                  Yeah, should be one of the OOTB aliases IMO.

                  Comment

                  • Hi-Angel
                    Senior Member
                    • Feb 2016
                    • 852

                    #19
                    Originally posted by ahrs View Post
                    Not even Busybox implements it right and I always end up installing the ip-full package on OpenWRT.
                    Ooooh, "Busybox", so much pain in one word… To be fair, Busybox implements almost nothing right, even basic utilities are often clunky and buggy.

                    Comment
