Avoid reading time stamp counter #1074
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…opcode injection technique for reading the time stamp counter.
…e Time Stamp Counter and altering the implementation to read an Environment variable.
drewnoakes
reviewed
Sep 6, 2023
| // The application can set this environment variable when this code is running in a system where | ||
| // it is not desirable to read the processor's time stamp counter. | ||
| // While this is supported in modern CPUs, the technique used for allocating executable memory, copying OP Code | ||
| // for the read of the time stamp and invoking the OP Code can be detected as Malware by some anti-virus vendors. |
There was a problem hiding this comment.
Please include a link to the original issue here so that we can more easily see the motivation for this feature in future:
Suggested change
| // for the read of the time stamp and invoking the OP Code can be detected as Malware by some anti-virus vendors. | |
| // for the read of the time stamp and invoking the OP Code can be detected as Malware by some anti-virus vendors. | |
| // https://github.com/zeromq/netmq/issues/1071 |
drewnoakes
reviewed
Sep 6, 2023
src/NetMQ/Core/Utils/OpCode.cs
Outdated
Comment on lines
19
to
21
| var val = Environment.GetEnvironmentVariable("NETQM_SUPPRESS_RDTSC"); | ||
| if ("TRUE".Equals(val, StringComparison.OrdinalIgnoreCase)) | ||
| return false; |
There was a problem hiding this comment.
What do you think about supporting any value in this environment variable? It's not uncommon to want to set a variable like this to 1. We could just check for any non-null value.
Suggested change
| var val = Environment.GetEnvironmentVariable("NETQM_SUPPRESS_RDTSC"); | |
| if ("TRUE".Equals(val, StringComparison.OrdinalIgnoreCase)) | |
| return false; | |
| if (Environment.GetEnvironmentVariable("NETQM_SUPPRESS_RDTSC") is not null) | |
| return false; |
There was a problem hiding this comment.
The downside of this approach would be that setting the value to false would not do what you expect.
I'm happy with whatever you decide.
…n just "true". Added a reference to the github issue.
|
I made the change to use any value set to the environment variable as suggested and added a link to the github issue. |
drewnoakes
approved these changes
Sep 7, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The implementations using an environment variable rather than a static flag on an unrelated class.
Fixes #1071