The document discusses a plan for the day which includes topics on backdoors in Linux and Rust, a talk by Nishant, and the midterm exam. It then goes into details on the talk topics - discussing a past attempted Linux backdoor, whether a backdoor could be introduced in Rust, and Thompson's "Trusting Trust" speech. It also provides details on the midterm format and answers questions from students. Finally, it discusses the dining philosophers problem and shows an example implementation using a binary semaphore in Rust.
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
Plan for Today's Class
1.
2. Plan for Today
• Backdoors in Linux and Rust?
• Nishant’s Talk Today
• Midterm
– Last chance to ask questions on anything we’ve
covered so far (until after Midterm)
• Dining Philosophers
10 October 2013 University of Virginia cs4414 1
3. Is there a backdoor in the
Linux kernel?
10 October 2013 University of Virginia cs4414 2
4. Detected Nearly Successful Attempt
(2003)
10 October 2013 University of Virginia cs4414 3
https://freedom-to-tinker.com/blog/felten/the-linux-backdoor-attempt-of-2003/
if ((options == (__WCLONE|__WALL)) && (current->uid = 0))
retval = -EINVAL;
Code added to wait4 (kernel-level) program to
“support new options for root-level user”:
7. Could this happen with Rust?
10 October 2013 University of Virginia cs4414 6
if ((options == (__WCLONE|__WALL)) && (current_uid = 0))
{
retval = -EINVAL;
}
gash> rustc assign.rs
assign.rs:9:42: 9:60 error: mismatched types: expected `bool` but found `()`
(expected bool but found ())
assign.rs:9 if ((options == (__WCLONE|__WALL)) && (current_uid = 0)) {
^~~~~~~~~~~~~~~~~~
error: aborting due to previous error
8. How hard would it be to place a
“backdoor” in Rust?
10 October 2013 University of Virginia cs4414 7
Constructing a backdoor in Rust: any Rust program that
does not use unsafe, but for which the compiler outputs a
binary that is not type safe.
9. 10 October 2013 University of Virginia cs4414 8
Ken Thompson’s 1983 Turing Award Acceptance Speech
10. Thompson’s “Trusting Trust”
10 October 2013 University of Virginia cs4414 9
Introduce a compiler bug
will recognize “login” and
compile it to include a
backdoor login
Bootstrap compiler
Remove evidence of bug –
its baked into future
compilers through the
bootstrapped binary!
11. 10 October 2013 University of Virginia cs4414 10
Possible project idea: verify or (more likely) disprove this!
19. 10 October 2013 University of Virginia cs4414 18
Heraclitus
Socrates
Plato
Aristotle
Euclid
5 Dining Philosophers
5 Chopsticks (one between
each pair)
Need 2 chopsticks to eat
20. Djikstra’s (Hygenic) Version
10 October 2013 University of Virginia cs4414 19
In the canonical problem of the five dining
philosophers, the philosophers, each of which
alternatingly “thinks” and “eats”, are arranged
cyclically, and no two neighbours may eat
simultaneously. This constraint can be represented
by placing the philosophers at the edges of a
regular pentagon, each edge representing a pair-
wise exclusion constraint between the two
philosophers situated at its ends.
Is this equivalent to the shared chopsticks?
21. Solution Desiderata
• No communication required
• No deadlock
• No starvation: everyone gets to eat eventually
• Fair: each philosopher has equal likelihood of
getting to eat
10 October 2013 University of Virginia cs4414 20
22. 10 October 2013 University of Virginia cs4414 21
Heraclitus
Socrates
Plato
Aristotle
Euclid
Could all the
philosophers starve?
24. Dijkstra’s Solution (Idea)
Number the chopsticks,
always grab lower-
numbered stick first
Does it matter how the
chopsticks are
numbered?
10 October 2013 University of Virginia cs4414 23
25. How does UVaCOLLAB solve this?
10 October 2013 University of Virginia cs4414 24
“UVaCollab is an advanced
web-based course and
collaboration environment”
26. 10 October 2013 University of Virginia cs4414 25
“Best Practices for Working in UVaCollab”
• Don't allow multiple graders to grade the
same students at the same time, although
it's fine to grade different sections of
students.
• Don't open multiple browser tabs and
windows while engaged in grading
activities.
• Avoid double-clicking links and buttons in
UVaCollab as doing so may slow down
response times. A single-click is all it takes.
27. The Real Challenge was to
“Invent the Chopstick”
Binary Semaphore
Lock that can be held by up to one process
10 October 2013 University of Virginia cs4414 26
28. 10 October 2013 University of Virginia cs4414 27
type Semaphore = Option<uint> ; // either None (available) or owner
static mut count: uint = 0; // protected by lock
static mut lock: Semaphore = None;
fn grab_lock(id: uint) {
while (lock.is_some()) { ; } // wait for lock
lock = Some(id);
}
fn release_lock() { lock = None; }
fn update_count(id: uint) {
grab_lock(id);
count += 1;
println(fmt!("Count updated by %?: %?", id, count));
release_lock();
}
fn main() {
for num in range(0u, 10) {
do spawn { for _ in range(0u, 1000) { update_count(num); } } } }
29. 10 October 2013 University of Virginia cs4414 28
type Semaphore = Option<uint> ; // either None (available) or owner
static mut count: uint = 0; // protected by lock
static mut lock: Semaphore = None;
fn grab_lock(id: uint) {
while (lock.is_some()) { ; } // wait for lock
lock = Some(id);
}
fn release_lock() { lock = None; }
fn update_count(id: uint) {
grab_lock(id);
count += 1;
println(fmt!("Count updated by %?: %?", id, count));
release_lock();
}
fn main() {
for num in range(0u, 10) {
do spawn { for _ in range(0u, 1000) { update_count(num); } } } }
FAIL! This is unsafe:
semaphore.rs:9:11: 9:15 error: use of mutable
static requires unsafe function or block
semaphore.rs:9 while (lock.is_some()) {
…
30. 10 October 2013 University of Virginia cs4414 29
type Semaphore = Option<uint> ; // either None (available) or owner
static mut count: uint = 0; // protected by lock
static mut lock: Semaphore = None;
fn grab_lock(id: uint) {
unsafe {
while (lock.is_some()) { ; }
lock = Some(id);
} }
fn release_lock() { unsafe { lock = None; } }
fn update_count(id: uint) {
unsafe {
grab_lock(id);
count += 1;
println(fmt!("Count updated by %?: %?", id, count));
release_lock();
}
}
fn main() {
for num in range(0u, 10) {
do spawn {
for _ in range(0u, 1000) {
update_count(num);
}
}
}
}
What will the final count be?
31. 10 October 2013 University of Virginia cs4414 30
gash> ./semaphore > run1.txt
gash> ./semaphore > run2.txt
gash> ./semaphore > run3.txt
gash> tail -1 run1.txt
Count updated by 8u: 9968u
gash> tail -1 run2.txt
Count updated by 9u: 9951u
gash> tail -1 run3.txt
Count updated by 9u: 9950u
32. 10 October 2013 University of Virginia cs4414 31
type Semaphore = Option<uint> ; // either None (available) or owner
static mut count: uint = 0; // protected by lock
static mut lock: Semaphore = None;
fn grab_lock(id: uint) {
unsafe {
while (lock.is_some()) { ; }
lock = Some(id);
} }
fn release_lock() { unsafe { lock = None; } }
fn update_count(id: uint) {
unsafe {
grab_lock(id);
count += 1;
println(fmt!("Count updated by %?: %?", id, count));
release_lock();
}
}
fn main() {
for num in range(0u, 10) {
do spawn {
for _ in range(0u, 1000) {
update_count(num);
}
}
}
}
33. 10 October 2013 University of Virginia cs4414 32
fn update_count(id: uint) {
unsafe {
grab_lock(id);
assert!(match lock { None => false,
Some(lockee) => lockee == id});
count += 1;
println(fmt!("Count updated by %?: %?", id, count));
release_lock();
}
}
Count updated by 1u: 710u
Count updated by 2u: 710u
Count updated by 1u: 711u
Count updated by 2u: 713uCount updated by 1u: 713u
Count updated by 2u: 714u
Count updated by 2u: 715u
task <unnamed> failed at 'assertion failed: match lock { None => false, Some(lockee) =>
lockee == id }', semaphore.rs:26
Count updated by 2u: 716u
Count updated by 2u: 717u
35. Charge
• If you don’t want to do the midterm,
contribute a satisfactory Dining Philosophers
in Rust to rosettacode.org
• Otherwise (unless you are already exempt by
solving a challenge), submit the midterm by
11:59pm Monday, October 14
10 October 2013 University of Virginia cs4414 34