Notices by William D. Jones (cr1901@mastodon.social)

Before email, were Carbon Copies typically "Blind" (nobody knew who got copies other than themselves), or were there conventions in place so ppl knew who had copies?

@ewenmcneill @mxshift Never thought about this, so sorry if this is a stupid q, but... since routing uses subnet and dest IP to decide how/where/which iface to send a packet, why can't a machine lie about it's source IP in a packet to get past a incoming conn firewall?

@david_chisnall @ewenmcneill @mxshift Indeed, as mentioned by Ewen earlier, I forgot the part where the dest actually has to reply.

Re: sending a big packet to a victim, at worst won't that cause excess network traffic that'll be ignored (b/c the victim won't be listening, the kernel will discard it)?

Also I thought the whole purpose of IOMMU was "the kernel decides the memory addresses a device can write to/read from, for each xaction". Won't not knowing valid addrs guard against spoofing?

@david_chisnall >They assume trusted devices and untrusted VMs.

Are you using VM as a catch-all for "anything running a kernel"? Or actual VM as in "kernel running under control of a hypervisor, either bare metal or another kernel"?

Anyways this sounds backwards :P. I thought devices not choosing to read/write all over mem was what we were trying to prevent. Why would we trust the devices to _not_ do that :D?

@david_chisnall Ack everything re: the network slowing down.

>A malicious device can choose to use a different mapping.

Yes, but when the malicious devices tries to write/read into kernel mem using its own chosen device physical addresses, the IOMMU will recognize that the kernel said "no, I don't allow writes/reads through this address" and quash the write/read.

And how would the device be able to choose which host physical address it wants to (maliciously) read and write?

@david_chisnall Okay, you lost me. Why is this threat model specific to VMs, as opposed to applying equally to not-VMs?

What's special about VMs such that they're more susceptible to having host memory overwritten?

I guess guest OS memory can be overwritten by a rogue device too, but that at least will be constrained to the VM given proper sandboxing...

@notgull How is Rust's LLVM dep being handled? Don't get me wrong, I would love to get rid of it, just based on the fact it's 10 million lines of C++, arguably the only language more complex to write a compiler for than Rust. But we don't have that luxury :/.

@erincandescent I thought you _liked_ C :D