zlacker

[parent] [thread] 5 comments
1. tlarkw+(OP)[view] [source] 2021-04-07 15:33:10
Simple but not 100% foolproof, you can mutate your source code and verify the changes propagate.

Note the endpoint does a DYNAMIC lookup of source code. So you can kinda reassure yourself the endpoint is executing dynamic code just by providing your own source code.

It might be more obvious the runtime does nothing much if you see the runtime https://github.com/endpointservices/serverlesscells

The clever bits that actually implement services are all in the notebooks.

replies(2): >>mulmen+01 >>yjftsj+w5
2. mulmen+01[view] [source] 2021-04-07 15:36:54
>>tlarkw+(OP)
That doesn't seem to provide any meaningful indication the endpoint runs the code it claims. Can't I just create an evil endpoint that links to legit code?
replies(1): >>tlarkw+a2
◧◩
3. tlarkw+a2[view] [source] [discussion] 2021-04-07 15:41:39
>>mulmen+01
No the endpoint is shared across all customers, the service providers do not self host, generally. The end point is the infra provider. Later I might try to code sign that and open up the cloud console for visibility, but not short term
4. yjftsj+w5[view] [source] 2021-04-07 15:54:37
>>tlarkw+(OP)
> Simple but not 100% foolproof, you can mutate your source code and verify the changes propagate.

If I was evil, I wouldn't have a totally separate source tree and binary that I shipped; I'd have my CI process inject a patch file. As a result, everything would work as expected - including getting any changes from the public source code - but the created binaries would be backdoored.

replies(2): >>pluies+3b >>tlarkw+hi
◧◩
5. pluies+3b[view] [source] [discussion] 2021-04-07 16:18:21
>>yjftsj+w5
https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_Ref... :)
◧◩
6. tlarkw+hi[view] [source] [discussion] 2021-04-07 16:51:25
>>yjftsj+w5
Yeah I can fix this with work but just getting some users would be helpful first
[go to top]