Dedupe, dedupe, dedupe dedupe dedupe... Who snuck in to attack Microsoft Edge?

Security researchers have discovered a means to use previously unknown vulnerabilities found in in-memory deduplication to attack otherwise well-defended systems. The well-known standard compression technique, which is ubiquitous as a way of reducing the memory footprint across virtual machines, is also a by-default feature …

  1. Anonymous Coward
    Linux

    Awaiting a "fix" from MSFT...

    No mention of other systems though... are BSD, Linux, OSX etc. typically vulnerable? What about security orientated OSs like Qubes? Passing reference to "cloud" so can Xen be pwned/escaped from within a browser?

    1. Hans 1

      Re: Awaiting a "fix" from MSFT...

      >What about security orientated OSs like Qubes?

      What about security orientated OSs like OpenBSD?

      FTFY

      1. Anonymous Coward
        Linux

        Re: Awaiting a "fix" from MSFT...

        Steady on Hans! I did mention BSD - but it's really just a more security conscious general purpose OS - not playing in the same league of security obsession as Qubes (or Whonix and whatnot...).

        The report does state:

        "On Linux, memory deduplication is known as kernel same page merging (KSM). The implementation operates differently compared to Windows, combining both scanning and merging operations in periodic and incremental passes over physical memory"

        ...but doesn't give an obvious statement on whether or not that's a good thing as far as this attack is concerned. Still reading...

        Edit: Not sure why asking a question would earn us each a downvote... Has RICHTO stopped to pay us his respects?

    2. Aodhhan

      Re: Awaiting a "fix" from MSFT...

      This isn't a Microsoft problem; this is a computer theory problem (there are many of these) which can be alleviated by the operating system. In this case, the problem is how memory itself is deduped, stored and secured.

      It's likely other operating systems will find the same or similar problems since all use deduplication to handle data. Not only in memory, but on permanent storage media as well. Pointers instead of duplicate information are used all over the place to save time and space.

      1. Anonymous Coward
        Anonymous Coward

        Re: Awaiting a "fix" from MSFT...

        "Edit: Not sure why asking a question would earn us each a downvote.."

        Standard thing. I think one person spends their entire day down voting.

        1. Anonymous Coward
          Happy

          Re: Awaiting a "fix" from MSFT...

          See, I rest my case.

          1. Anonymous Coward
            Linux

            Re: Awaiting a "fix" from MSFT...

            It seems that "KSM" (Kernel Samepage Merging) is typically disabled by default on Linux distros. It's enabled and tuned by a package called... somewhat unsurprisingly... "ksmtuned"

            You can check with:

            cat /sys/kernel/mm/ksm/run

            "1" being "enabled" and "0" "disabled" - obviously.

            http://blog.siphos.be/2013/05/enabling-kernel-samepage-merging-ksm/
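
An added example, not part of the comment above: the same sysfs check extended to the third value the kernel accepts for `run` (2, which stops ksmd and unmerges all pages) and to the case where `run` is 0 but previously merged pages are still shared. The function names and the optional directory argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): classify KSM state from sysfs.
# The directory argument exists only so the function can be pointed at a
# constructed test directory; it defaults to the real sysfs path.

ksm_state() {
    dir="${1:-/sys/kernel/mm/ksm}"
    # No "run" file: kernel built without CONFIG_KSM, or sysfs not mounted.
    if [ ! -r "$dir/run" ]; then
        echo "absent"
        return 0
    fi
    run=$(cat "$dir/run")
    shared=$(cat "$dir/pages_shared" 2>/dev/null || echo 0)
    shared=${shared:-0}
    case "$run" in
        1) echo "merging" ;;
        0|2)
            # run=0 only stops ksmd; pages merged earlier stay merged.
            if [ "$shared" -gt 0 ]; then
                echo "stopped-but-merged"
            else
                echo "off"
            fi ;;
        *) echo "unknown" ;;
    esac
}

ksm_report() {
    dir="${1:-/sys/kernel/mm/ksm}"
    state=$(ksm_state "$dir")
    echo "KSM state: $state"
    case "$state" in
        merging|stopped-but-merged)
            echo "pages_shared:  $(cat "$dir/pages_shared" 2>/dev/null)"
            echo "pages_sharing: $(cat "$dir/pages_sharing" 2>/dev/null)"
            # Writing 2 stops ksmd and unmerges everything (needs root):
            echo "to unmerge: echo 2 > $dir/run"
            ;;
    esac
}

ksm_report
```

KSM only merges pages in regions a process has marked with madvise(MADV_MERGEABLE), so a non-zero `pages_shared` also tells you some process on the host has opted in.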

    3. Aaron 10

      Re: Awaiting a "fix" from MSFT...

      What about ECC RAM?

  2. Dan 55 Silver badge
    Coffee/keyboard

    Edge is secure?

    On each Patch Tuesday which has patches for MS's browsers, you'll find half the CVEs are shared between IE and Edge.

    1. Anonymous Coward
      Gates Horns

      Re: Edge is secure?

      IE 3 4 5 6 7 8 9 10 11 "Edge" is the most secure Microsoft browser to date. Don't you read our press releases?

      1. Anonymous Coward
        Happy

        Re: Edge is secure?

        As opposed to Chrome 1,2,3,4.... oh I can't be arsed, what is it now 9307?

  3. Anonymous Coward
    Anonymous Coward

    dedupe? wtf? why?

    Why the hell is a desktop OS mucking about with de-duping memory pages? Memory is cheap now, so it's pointless

    or is this only for virtual systems, even then that seems stupid for security.

    Sometimes Software engineers need a cluebyfour applied sharply to the head.

    1. Aodhhan

      Re: dedupe? wtf? why?

      Because it's A LOT faster and allows more uniformity.

      Unless you want to go back to the coding days where you really had to worry about where things were put into memory to ensure there were no conflicts. Manual memory management was a pain in the arse when most programs were less than 512K. Now programs require gigs of memory, it would take forever just to get it out the door by a team of people dedicated to it. Even then, you'd gripe because you'll use a program only to find it conflicts with another, and crashes. ..and if you think memory leaks are bad now. HA!

      Again I say, half the people who post are below average intelligence... but it's probably a lot higher when it comes to knowledge of computer theory.

      1. Tchou
        Boffin

        Re: dedupe? wtf? why?

        Newer languages and software architectures are an utter catastrophe when it comes to memory use & management. For no added value except overly "architectured" code and runtimes for.. nearly zero gains (except trashing CPU caches by mis-aligning objects in memory and useless context switches). THAT'S why new software needs gigs of RAM.

        You may be naïve thinking all this "progress" happens for the greater good. Mister commentard it is an industry with some of the most important issues on Earth (millions of billions of $, strategic information dominance, industry/military intelligence, ..) and it certainly is a filthy one.

  4. jb99

    This...

    appears to be a hardware issue?

    1. Anonymous Coward
      Anonymous Coward

      Re: This...

      Hard & soft.

      It's a hardware feature/flaw (depending on your point of view) optionally activated by the kernel (or hypervisor) and handled differently by different kernels - potentially with differing ramifications as a result... As far as I can tell so far.

      A more comprehensive list of systems which enable it by default would have been nice. Not just the list of M$ systems which enable it (8.1 & X) but it does seem to be off by default on most Linux distros.

  5. GrapeBunch

    Will Life imitate Art?

    "Rowhammer involves rapidly writing and rewriting memory to force capacitor errors in DRAM that can then be exploited to gain control of the system." Imagine that a "capacitor error" is an actual fire, as one might find if the attack conduit is a Smart Meter, and the "memory" is simply the On/Off of a device in its network.
