Add mitigating measures against rowhammer attacks.
squell opened this issue
This pre-print describes some use of rowhammer attacks against sudo: https://arxiv.org/pdf/2309.02545.pdf. The mitigations listed in the section feel a bit "only half a solution", since opcode flipping is still a risk; and the opinion among security researchers I consulted is that there is only so much you can do in software to protect against this.
Still, some low-hanging fruit which is easily done in Rust is to use arbitrary enum discriminants; e.g. we could not just protect the "is this user authentication bit", but the entire AST of the sudoers parser.
Original sudo has recently added similar mitigations, see: sudo-project/sudo@7873f83#diff-b8ac7ab4c3c4a75aed0bb5f7c5fd38b9ea6c81b7557f775e46c6f8aa115e02cd
(hat-tip to Todd Miller for sharing)
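
The enum-discriminant idea from the issue, as an added example that is not part of the original post and is not sudo-rs or sudo code: it compares a 0/1 flag with widely spaced `u32` discriminants and counts how many one- and two-bit corruptions of a valid value still decode as valid. The `Auth` type, its three constants and all function names are hypothetical, and the stored value is modelled as a raw `u32` that is validated when read.

```rust
// Added example: not sudo-rs or sudo code; names and constants are hypothetical.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
#[repr(u32)]
pub enum Auth {
    Denied = 0x5A3C_96E1,
    Allowed = 0xA5C3_691E, // bitwise complement of Denied
    Pending = 0x3C5A_0FF0,
}

pub const HARDENED: [u32; 3] =
    [Auth::Denied as u32, Auth::Allowed as u32, Auth::Pending as u32];
pub const NAIVE: [u32; 2] = [0, 1]; // a plain false/true flag, for contrast

/// Decode a stored word; anything that is not an exact discriminant is rejected.
pub fn from_raw(raw: u32) -> Option<Auth> {
    let all = [Auth::Denied, Auth::Allowed, Auth::Pending];
    all.iter().copied().find(|v| *v as u32 == raw)
}

/// Fewest bit flips that turn one valid encoding into another.
pub fn min_distance(valid: &[u32]) -> u32 {
    let mut best = u32::MAX;
    for (i, a) in valid.iter().enumerate() {
        for b in &valid[i + 1..] {
            best = best.min((a ^ b).count_ones());
        }
    }
    best
}

/// Count 1- and 2-bit corruptions of valid encodings that are still valid.
pub fn accepted_after_flips(valid: &[u32]) -> usize {
    let mut accepted = 0;
    for v in valid {
        for i in 0..32 {
            for j in i..32 {
                let mask = (1u32 << i) | (1u32 << j); // i == j: single flip
                if valid.contains(&(v ^ mask)) { accepted += 1; }
            }
        }
    }
    accepted
}

fn main() {
    println!("naive: {} {}", min_distance(&NAIVE), accepted_after_flips(&NAIVE));
    println!("hardened: {} {}", min_distance(&HARDENED), accepted_after_flips(&HARDENED));
    println!("one flipped bit decodes to {:?}", from_raw(Auth::Allowed as u32 ^ 1));
}
```

The decode step works on the raw integer because a Rust enum holding a value that is not one of its discriminants is undefined behaviour, so the validity check has to happen before the value is treated as an `Auth`.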