Hacker News new | ask | show | jobs
by stefan_ 2674 days ago
So Apple publishes some kernel source code under a license that basically only permits you to look at it, presumably for security researchers. Apple then also redacts security related code from the published code, going so far as to partially redact functions, only making them appear complete. Weaknesses are then found, of course, in code they redacted.

Feeling a bit schizophrenic here.
2 comments
profquail 2674 days ago
I didn’t see the article say anything about redacting code? The XNU kernel (used in macOS and iOS) is open-source and has been for some time: https://github.com/apple/darwin-xnu

My reading of the article was that Apple has some custom logic in the A12 (for the implementation of the pointer authentication extensions) and have made some (unreleased) modifications to the XNU code to utilize that custom logic. The article is the author reverse-engineering the unreleased modifications and working out how they interact with the A12, to try to discover exploitable weaknesses in the implementation.

link
csande17 2674 days ago
From the article:

> The part [of the comments in the released source] about the "pointer" containing authenticated, hasBKey, and hasDKey bits suggests that this code is dealing with authenticated pointers, although all the code that actually performs PAC operations has been removed from the public sources.

The researcher suspects Apple started with a version of the XNU code that supported the A12 logic, then removed the lines of code that actually performed the operations before publicly releasing it. In other words, Apple redacted security-related parts of the XNU source.

To me, at least, that's different from Apple creating a new XNU version that supports pointer authentication and not releasing it at all.

link
stefan_ 2674 days ago
The code obviously had enum values for pointer authentication in it. So why was the other code for it missing?
link
comex 2674 days ago
xnu is licensed under a combination of the APSLv2 and BSD licenses, both of which are OSI- and FSF-approved open source/free software licenses. Perhaps you’re thinking of the corecrypto source code release from a while back, which was indeed “under a license that basically only permits you to look at it”? That’s unrelated, though.
link