> On Mar 14, 2023, at 11:32 AM, p...@delphinusdns.org wrote: > >> Synopsis: can we resist agains bit flipping? >> Category: system >> Environment: > System : OpenBSD 7.2 > Details : OpenBSD 7.2 (GENERIC.MP) #2: Thu Nov 24 23:53:03 MST 2022 > r...@syspatch-72-arm64.openbsd.org:/usr/src/sys/arch/arm64/compile/GENERIC.MP > > Architecture: OpenBSD.arm64 > Machine : arm64 >> Description: > https://en.wikipedia.org/wiki/Single-event_upset > > A single event upset gave someone in belgium who was in a poll, 4096 > extra votes. When I think about this bit flip and look at the kernel > code for an ultra secure operating system there is not much stopping > someone to try an attack during a cosmic storm or increased solar > activity. Perhaps a bit flips somewhere in the CPU or RAM? > > pjp@polarstern$ grep sourceroute ip_input.c > int ip_dosourceroute = 0; > if (!ip_dosourceroute) { > if (!ip_dosourceroute) > &ip_dosourceroute); > > Like here. As you know someone found something last week if this were > enabled. But the way this check is. It doesn't check for the low bit set to > one but it checks for the inverted value, so if the 12th bit was flipped in a > solar storm ip_dosourceroute would now be 4096. And the system would be wide > open. > >> How-To-Repeat: > Hackers probably check the weather report like > https://spaceweather.com/ for increased solar activity and then fill > the CPU caches with attempts to get a bit flip happening. The odds > aren't in their favour but who knows they may get lucky. >> Fix: > I propose all these variables to be monitored occasionally with a CRC > check and if there is a bit flip happening to unset it to the right value. > This is a lot of work but may be worth it. OpenBSD would never be faring to > space right? I have no code but trying to think around how to do this.
Why wouldn't you just buy ECC memory? https://en.wikipedia.org/wiki/ECC_memory