sshb | 2 years ago

I was always wondering if it’s possible to figure out pledges at compile time for Go, e.g., declare in your module “I will never access network” and make the compiler verify that. (Wouldn’t work for assembly for sure, but probably is okay for most of the modules)

film42|2 years ago

I recently saw a post about Cackle [1] coming out of the Rust ecosystem which looks pretty cool. Similar to what others have said, there's always a chance that a C lib or shell script is leveraged to bypass compile-time guarantees. I think that's why it's important to do both. Do what you can to keep your supply chain safe and limit your runtime as much as possible.

[1] https://davidlattimore.github.io/making-supply-chain-attacks...

nonameiguess|2 years ago

Go lets you run arbitrary shell commands. Even if you couldn't, you can do virtually anything with IO. Even if it had some way to guess the file you're trying to open is a socket, you don't necessarily need a socket. You can be writing to a named pipe or even a tty that serves as the input to ncat which keeps an active TCP session with some C&C server always running as a system daemon. That might sound ridiculous, but real-world malware often works in pairs like that where one process will simply see if another exists, do bad stuff if so, and forget about it if not. They're attacking millions if not billions of hosts, so they don't need them all to join the botnet. Only the kernel at runtime knows what you're doing at the level of detail needed to prevent something like this.

PhilipRoman|2 years ago

/proc would like a word with you

But yes, technically such a setup is possible (not with any mainstream OS though). It would have to be very restrictive w.r.t. mounts and virtual file systems.
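The compile-time "pledge" idea from the top of the thread, sketched as an added example that is not from any commenter or from Cackle: a per-file import check using Go's standard `go/parser`. The `denied` policy, the `Violations` function and the sample source are all hypothetical, and the check is not transitive; it flags `os/exec` and cgo because, as the replies point out, those are the routes around any import-level guarantee.

```go
package main

import (
	"fmt"
	"go/parser"
	"go/token"
	"strconv"
	"strings"
)

// denied is a hypothetical "no network" policy: import path -> why it is refused.
var denied = map[string]string{
	"net":     "network",
	"os/exec": "subprocess (can shell out to a network tool)",
	"syscall": "raw syscalls",
	"unsafe":  "unchecked memory access",
	"C":       "cgo (C code is invisible to this check)",
}

// sample is a constructed source file, not taken from any real module.
const sample = `package fetch
import "fmt"
import "net/http"
import "os/exec"
`

// Violations parses only the import declarations of src and returns one finding
// per import that equals a denied path or sits beneath it (net covers net/http).
// It sees direct imports of one file only; dependencies are not followed.
func Violations(src string) ([]string, error) {
	f, err := parser.ParseFile(token.NewFileSet(), "sample.go", src, parser.ImportsOnly)
	if err != nil {
		return nil, err
	}
	var out []string
	for _, imp := range f.Imports {
		// The parser has already validated the literal, so Unquote cannot fail here.
		path, _ := strconv.Unquote(imp.Path.Value)
		for prefix, why := range denied {
			if path == prefix || strings.HasPrefix(path, prefix+"/") {
				out = append(out, path+": "+why)
			}
		}
	}
	return out, nil
}

func main() { fmt.Println(Violations(sample)) }
```

A clean result here only says the file does not import the listed packages directly; file and pipe I/O of the kind described above passes untouched, which is why the thread pairs this with runtime restrictions.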