This is next-level infosec shitposting:

"It is the FreeBSD analogue of Linux's Dirty Pipe, CopyFail, Fragnesia, and Dirty Frag — except we gave it a BETTER name, with a BETTER logo, on a BETTER website. The other bug websites? Disasters. Sad. Many people have told us this."

https://bumsrake.de/
#CVE202645257

BUMSRAKETE™ — The Most Beautiful, Most Tremendous FreeBSD Vulnerability In The History Of Computing. BELIEVE ME.

BUMSRAKETE is a HUGE, TREMENDOUS, MANY-PEOPLE-ARE-SAYING FreeBSD kTLS-RX page-cache write primitive. The BEST primitive. Some say the best ever.

@jrt They could have just said: encapsulation had been violated within the direct-map via an unprivileged socket option. The meat of the bug is to do with the kernel direct-map exposure: the AES-GCM ciphering and payload output buffers are not the problem. Key management and storage clearly are; encapsulation needs to take place in another form. I wouldn't go all-in on "It should be done in an seL4 microkernel" yet though; but it seems like a nice use case for putting keys in an enclave.
@jrt But actually describing what had happened wouldn't have driven "engagement" now, would it? /s I'm now skeptical of the reporter for this reason. Pretty sure Glebius must be aware of it. It is a nice dig of sorts given FreeBSD utterly kicks Linux to the kerb at sendfile() with TLS for high-throughput applications by way of being performant and functional, though, thanks to the Netflix guys, so I appreciate the intellectual nature of the joust.
@bms48 Joust with jest is a knightly tradition.