>Synopsis: can we resist agains bit flipping? >Category: system >Environment: System : OpenBSD 7.2 Details : OpenBSD 7.2 (GENERIC.MP) #2: Thu Nov 24 23:53:03 MST 2022 r...@syspatch-72-arm64.openbsd.org:/usr/src/sys/arch/arm64/compile/GENERIC.MP
Architecture: OpenBSD.arm64 Machine : arm64 >Description: https://en.wikipedia.org/wiki/Single-event_upset A single event upset gave someone in belgium who was in a poll, 4096 extra votes. When I think about this bit flip and look at the kernel code for an ultra secure operating system there is not much stopping someone to try an attack during a cosmic storm or increased solar activity. Perhaps a bit flips somewhere in the CPU or RAM? pjp@polarstern$ grep sourceroute ip_input.c int ip_dosourceroute = 0; if (!ip_dosourceroute) { if (!ip_dosourceroute) &ip_dosourceroute); Like here. As you know someone found something last week if this were enabled. But the way this check is. It doesn't check for the low bit set to one but it checks for the inverted value, so if the 12th bit was flipped in a solar storm ip_dosourceroute would now be 4096. And the system would be wide open. >How-To-Repeat: Hackers probably check the weather report like https://spaceweather.com/ for increased solar activity and then fill the CPU caches with attempts to get a bit flip happening. The odds aren't in their favour but who knows they may get lucky. >Fix: I propose all these variables to be monitored occasionally with a CRC check and if there is a bit flip happening to unset it to the right value. This is a lot of work but may be worth it. OpenBSD would never be faring to space right? I have no code but trying to think around how to do this. dmesg: cut