←back to thread

We clone a running VM in 2 seconds (2022)

(codesandbox.io)
169 points hunvreus | 6 comments | 08 Apr 25 14:55 UTC | HN request time: 0.71s | source | bottom
Show context
londons_explore ◴[11 Apr 25 14:08 UTC] No.43653973[source]
Unmentioned: there are serious security issues with memory cloning code not designed for it.

For example, an SSL library might have pre-calculated the random nonce for the next incoming SSL connection.

If you clone the VM containing a process using that library, now both child VM's will use the same nonce. Some crypto is 100% broken open if a nonce is reused.

replies(7): >>43654026 #>>43654396 #>>43654513 #>>43654702 #>>43654894 #>>43655157 #>>43657321 #
1. perching_aix ◴[11 Apr 25 15:23 UTC] No.43654894[source]
I don't really follow, what's the issue with that? The two nodes will encrypt using the same key, so they can snoop at each other's traffic that they send out? Doesn't sound that big of a deal per se.
replies(2): >>43655173 #>>43655673 #
2. Rygian ◴[11 Apr 25 15:46 UTC] No.43655173[source]
A nonce is not a key, it's a piece of random that is meant to be used at most once.

If an attacker sees valid nonces on a VM, and knows of another VM sharing the same nonces, then your crypto on both* VMs becomes vulnerable to replay attacks.

*read: all

replies(2): >>43655417 #>>43656303 #
3. nodesocket ◴[11 Apr 25 16:08 UTC] No.43655417[source]
How would a reply attack work in production assuming multiple VMs share a nonce?
replies(1): >>43655794 #
4. londons_explore ◴[11 Apr 25 16:30 UTC] No.43655673[source]
Reusing a nonce often allows the entire world to decrypt or MITM the data.
5. saagarjha ◴[11 Apr 25 16:40 UTC] No.43655794{3}[source]
You record the traffic going to one VM and send it to another, which will now accept it because the nonce is the same.
6. trollied ◴[11 Apr 25 17:30 UTC] No.43656303[source]
“Number ONCE”. NONCE. Indeed.