Basilisk and "Meltdown" + "Spectre"

Forum for discussions around the Basilisk web browser.

fipsy
Moongazer
Posts: 14
Joined: Fri, 24 Nov 2017, 02:43

Basilisk and "Meltdown" + "Spectre"

Postby fipsy » Thu, 04 Jan 2018, 23:20

Are there currently any efforts to secure Basilisk against the new Meltdown and Spectre vulnerabilities? Mozilla and Google (Chrome) are currently working flat out to release a few fixes in real time. I'm afraid this won't be possible with Basilisk, because it requires processes to run in their own threads. If that's the case, it's hard not to advise against using Basilisk on the web, because it would be a huge security risk.

Moonchild
Pale Moon guru
Posts: 20333
Joined: Sun, 28 Aug 2011, 17:27
Location: 58.5°N 15.5°E

Re: Basilisk and "Meltdown" + "Spectre"

Postby Moonchild » Thu, 04 Jan 2018, 23:23

No, none of this is a problem for Basilisk because, tada, we don't use multiple processes. I will, however, release an update to Basilisk to make all accurate-timing-based attacks pretty much impossible; Pale Moon already had that mitigated, but it was not yet prioritized for implementation in Basilisk.
Improving Mozilla code: You know you're on the right track with code changes when you spend the majority of your time deleting code.

fipsy
Moongazer
Posts: 14
Joined: Fri, 24 Nov 2017, 02:43

Re: Basilisk and "Meltdown" + "Spectre"

Postby fipsy » Thu, 04 Jan 2018, 23:37

@Moonchild: Thanks a lot for the fast answer! :thumbup:

I read that the JavaScript method performance.now() may only return the time with an accuracy of 20 µs, and that SharedArrayBuffer must be deactivated.

Did I understand correctly that the vulnerability lies in the fact that single threads can read the data of other threads in the CPU? And that this is not possible with Basilisk / Pale Moon because all tabs run in one thread? Is this also the case if I open several instances of Basilisk in parallel?

Moonchild
Pale Moon guru
Posts: 20333
Joined: Sun, 28 Aug 2011, 17:27
Location: 58.5°N 15.5°E

Re: Basilisk and "Meltdown" + "Spectre"

Postby Moonchild » Thu, 04 Jan 2018, 23:56

Accurate-timing-based attacks were already mitigated to some extent by clamping the performance timers; this was enough for, e.g., no longer being able to get accurate measurements of the CPU speed (used for fingerprinting, etc.), but not enough to mitigate all instances of these vulnerabilities on all hardware.
Mozilla now clamps to 20 µs (meaning it will not measure anything with greater accuracy than 20 µs granularity); Basilisk does not yet, and still uses 5 µs -- we'll be playing it safe and bumping that to 50 µs, which will effectively thwart all these types of timing attacks because it's too coarse to reliably manipulate buffers to exploit this kind of thing. 50 µs is still plenty accurate for any timer in a browser you would ever need (and then some).

We won't have to deal with the additional issues that could be caused by multi-process timing attacks or attacks against IPC, which Mozilla and Google will have to look at; that is what I hinted at in my first reply. It has no bearing on having multiple copies of the browser running, because they do not exchange data between them like a multi-process application would.
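The clamping Moonchild describes, as an added example that is not Basilisk's or Mozilla's code: a helper that coarsens a performance.now()-style millisecond timestamp to a chosen granularity, and a check of whether two code paths finishing a few microseconds apart can still be told apart at 5, 20 and 50 µs. The sample timestamps are constructed for the example.

```javascript
// Added example, not Basilisk or Mozilla code: the effect of clamping a
// browser's performance.now() to a fixed granularity. performance.now()
// returns milliseconds; the thread quotes granularities in microseconds
// (5, 20, 50 µs), so the arithmetic is done in integer microseconds.
function toUs(ms) {
  return Math.round(ms * 1000);
}

// Floor an integer microsecond count to the nearest multiple of the grid.
function clampUs(us, granularityUs) {
  return us - (us % granularityUs);
}

// What a script sees in place of the true timestamp (in ms, like the API).
function clampToGranularity(ms, granularityUs) {
  return clampUs(toUs(ms), granularityUs) / 1000;
}

// Duration between two clamped readings, in whole microseconds.
function observedDurationUs(startMs, endMs, granularityUs) {
  return clampUs(toUs(endMs), granularityUs) - clampUs(toUs(startMs), granularityUs);
}

// True if a timer of this granularity still tells two code paths apart.
function pathsDistinguishable(startMs, endAMs, endBMs, granularityUs) {
  return observedDurationUs(startMs, endAMs, granularityUs) !==
         observedDurationUs(startMs, endBMs, granularityUs);
}

// Constructed sample: a common start and two code paths that finish
// 3 µs and 8 µs later, the scale at which these attacks need to measure.
const SAMPLE = { start: 1000.0, fast: 1000.003, slow: 1000.008 };

// Compare the three granularities mentioned in the thread.
function demo() {
  return [5, 20, 50].map(g => ({
    granularityUs: g,
    fastUs: observedDurationUs(SAMPLE.start, SAMPLE.fast, g),
    slowUs: observedDurationUs(SAMPLE.start, SAMPLE.slow, g),
    distinguishable: pathsDistinguishable(SAMPLE.start, SAMPLE.fast, SAMPLE.slow, g),
  }));
}

console.table(demo());
```

At 5 µs the two paths still yield different durations, at 20 and 50 µs they collapse to the same reading; this is why the thread also mentions disabling SharedArrayBuffer, which could otherwise be used to build a finer clock than the clamped API provides.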

fipsy
Moongazer
Posts: 14
Joined: Fri, 24 Nov 2017, 02:43

Re: Basilisk and "Meltdown" + "Spectre"

Postby fipsy » Sun, 07 Jan 2018, 01:38

Thank you very much for the quick response to the new threats and for the new release! :clap:
