
169 points hunvreus | 2 comments
londons_explore No.43653973
Unmentioned: there are serious security issues with memory cloning code not designed for it.

For example, an SSL library might have pre-calculated the random nonce for the next incoming SSL connection.

If you clone the VM containing a process using that library, now both child VMs will use the same nonce. Some crypto is 100% broken open if a nonce is reused.

replies(7): >>43654026 >>43654396 >>43654513 >>43654702 >>43654894 >>43655157 >>43657321
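The failure mode in the comment above, worked through in code. This is an added example and not code from the thread or from any SSL library: a toy HMAC-based DRBG stands in for the library's in-memory CSPRNG, a SHA-256 counter-mode keystream stands in for the real AEAD keystream, `copy.deepcopy` models a VM snapshot being restored into two children, and the "VM generation ID" bytes passed to `on_resume` are constructed stand-ins for whatever per-clone entropy the platform exposes. The two sample records are constructed.

```python
import copy
import hashlib
import hmac


class UserspaceDrbg:
    """Toy HMAC-based DRBG whose entire state lives in process memory.

    Assumed stand-in for the CSPRNG inside an SSL library: when the VM is
    snapshotted, this state is duplicated byte-for-byte into every clone.
    """

    def __init__(self, seed: bytes) -> None:
        self.key = hashlib.sha256(b"drbg-seed" + seed).digest()
        self.counter = 0

    def random_bytes(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            self.counter += 1
            out += hmac.new(self.key, self.counter.to_bytes(8, "big"), hashlib.sha256).digest()
        # Ratchet the key forward so earlier outputs cannot be recomputed from later state.
        self.key = hmac.new(self.key, b"ratchet", hashlib.sha256).digest()
        return out[:n]

    def reseed(self, fresh_entropy: bytes) -> None:
        """Fold in entropy unique to this clone (e.g. a VM generation ID)."""
        self.key = hmac.new(self.key, b"reseed" + fresh_entropy, hashlib.sha256).digest()
        self.counter = 0


def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Hash-based counter-mode keystream; stand-in for an AES-GCM/ChaCha20 keystream."""
    blocks = [hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range((n + 31) // 32)]
    return b"".join(blocks)[:n]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class TlsLikeServer:
    """Process that pre-computes the nonce for its next record, as in the comment."""

    def __init__(self, boot_seed: bytes) -> None:
        self.drbg = UserspaceDrbg(boot_seed)
        self.session_key = self.drbg.random_bytes(32)
        self.next_nonce = self.drbg.random_bytes(12)  # pre-calculated ahead of use

    def encrypt_record(self, plaintext: bytes):
        nonce, self.next_nonce = self.next_nonce, self.drbg.random_bytes(12)
        return nonce, xor(plaintext, keystream(self.session_key, nonce, len(plaintext)))

    def on_resume(self, fresh_entropy: bytes) -> None:
        """What a clone-aware process must do: reseed, then throw away pre-computed values."""
        self.drbg.reseed(fresh_entropy)
        self.next_nonce = self.drbg.random_bytes(12)


def clone_vm(server: TlsLikeServer) -> TlsLikeServer:
    """Snapshot/restore modelled as a deep copy of all in-memory state."""
    return copy.deepcopy(server)


MSG_A = b"GET /account?id=1001 HTTP/1.1"  # constructed sample records, equal length
MSG_B = b"GET /account?id=7777 HTTP/1.1"


def demo_clone_without_reseed():
    """Returns (nonce reused?, attacker recovers MSG_B from ciphertexts?)."""
    parent = TlsLikeServer(boot_seed=b"entropy-gathered-at-boot")
    clone_a, clone_b = clone_vm(parent), clone_vm(parent)
    nonce_a, ct_a = clone_a.encrypt_record(MSG_A)
    nonce_b, ct_b = clone_b.encrypt_record(MSG_B)
    # Same key + same nonce => same keystream => ct_a ^ ct_b == MSG_A ^ MSG_B,
    # so anyone who knows (or guesses) MSG_A reads MSG_B outright.
    recovered_b = xor(xor(ct_a, ct_b), MSG_A)
    return nonce_a == nonce_b, recovered_b == MSG_B


def demo_clone_with_reseed():
    """Same scenario, but each clone mixes in its own entropy before continuing."""
    parent = TlsLikeServer(boot_seed=b"entropy-gathered-at-boot")
    clone_a, clone_b = clone_vm(parent), clone_vm(parent)
    clone_a.on_resume(b"vm-generation-id-A")  # constructed per-clone entropy
    clone_b.on_resume(b"vm-generation-id-B")
    nonce_a, ct_a = clone_a.encrypt_record(MSG_A)
    nonce_b, ct_b = clone_b.encrypt_record(MSG_B)
    recovered_b = xor(xor(ct_a, ct_b), MSG_A)
    return nonce_a == nonce_b, recovered_b == MSG_B


if __name__ == "__main__":
    print("no reseed:", demo_clone_without_reseed())  # (True, True)
    print("reseed:   ", demo_clone_with_reseed())     # (False, False)
```

The reseed path only helps because the process both mixes fresh entropy into the DRBG and discards the nonce it had already drawn; reseeding alone would leave `next_nonce` identical in both clones. The same cloned-state argument applies to anything else the process derived from its RNG before the snapshot (ephemeral DH keys, ECDSA per-signature nonces, session tickets), which is why a process that expects to be forked has to be told it has been.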
sunshinekitty No.43654513
GCP’s ‘live migrations’ have been doing this for close to a decade or more. Must not be that big of a problem.
replies(2): >>43654524 >>43657289
londons_explore No.43654524
It isn't a problem if you guarantee only one child of the clone lives on - which GCP does.
replies(1): >>43654845
matt-p No.43654845
How do we know that isn't enforced here too?
replies(1): >>43655491
jsnell No.43655491
Because their main selling point is to run the copies concurrently with the original.