[E-Lang] Relying on H/W

Bill Frantz frantz@pwpconsult.com
Mon, 29 Jan 2001 10:12:17 -0800


At 9:38 PM -0800 1/26/01, Chris Hibbert wrote:
>Bill Frantz wrote:
>> I have my doubts.  I just don't trust PC hardware enough.  A simple error
>> in virtual address translation, an undetected memory or disk error, the
>> list goes on.  What we can hope is that these errors will cause the
>> substrate to stop (crash) rather than compute with bad data.
>
>There are only a few reliable hardware faults (Intel floating point
>comes to mind.).  Most of the errors you describe are sporadic.  If you
>can't write an exploit based on them, I'm not sure they matter much.  In
>the same sense MarcS used earlier, they mostly lead to technical faults.
> If a cracker can't use them to write anywhere in the memory of some
>privileged process, they don't buy her much.

I think the place to be most concerned is where some security value is
changed by the error.  In the EROS case, if a DomainKey was changed to a
NodeKey by a memory error, then you would have a "magic" wand to wave over
that domain, which will persist as long at the domain persists.

Does anyone have any information about how often these kinds of errors
actually occur?  (Or are all my Windows re-boots software caused?)


-------------------------------------------------------------------------
Bill Frantz       | Microsoft Outlook, the     | Periwinkle -- Consulting
(408)356-8506     | hacker's path to your      | 16345 Englewood Ave.
frantz@netcom.com | hard disk.                 | Los Gatos, CA 95032, USA