Archive for December 23, 2014

Tuesday, December 23, 2014 [Tweets] [Favorites]

Generating Go Code

Rob Pike (via David Nolen):

Programs that write programs are therefore important elements in software engineering, but programs like Yacc that produce source code need to be integrated into the build process so their output can be compiled. When an external build tool like Make is being used, this is usually easy to do. But in Go, whose go tool gets all necessary build information from the Go source, there is a problem. There is simply no mechanism to run Yacc from the go tool alone.

Until now, that is.

The latest Go release, 1.4, includes a new command that makes it easier to run such tools. It’s called gogenerate, and it works by scanning for special comments in Go source code that identify general commands to run. It’s important to understand that gogenerate is not part of gobuild. It contains no dependency analysis and must be run explicitly before running gobuild. It is intended to be used by the author of the Go package, not its clients.

Holiday Reading: Functional Programming

Natasha Murashev:

The more Swift code I write, the more I’m realizing I need to understand Functional Programming a lot better. So this holiday season, I’ll be reading a few books on the subject, and figuring out how to best apply functional principles to my Swift and iOS code in an ongoing effort.

Of course I turned to Twitter to figure out which books to read, and I got a great list.

Apple EFI Firmware Security Vulnerabilities

Trammell Hudson (via Lucian Constantin):

In this presentation we demonstrate the installation of persistent firmware modifications into the EFI boot ROM of Apple's popular MacBooks. The bootkit can be easily installed by an evil-maid via the externally accessible Thunderbolt ports and can survive reinstallation of OSX as well as hard drive replacements. Once installed, it can prevent software attempts to remove it and could spread virally across air-gaps by infecting additional Thunderbolt devices.

Update (2015-01-12): Dan Goodin:

Once installed, the bootkit—that is, malware that replaces the firmware that is normally used to boot Macs—can control the system from the very first instruction. That allows the malware to bypass firmware passwords, passwords users enter to decrypt hard drives and to preinstall backdoors in the operating system before it starts running. Because it’s independent of the operating system and hard drive, it will survive both reformatting and OS reinstallation. And since it replaces the digital signature Apple uses to ensure only authorized firmware runs on Macs, there are few viable ways to disinfect infected boot systems. The proof-of-concept is the first of its kind on the OS X platform. While there are no known instances of bootkits for OS X in the wild, there is currently no way to detect them, either.

Rich Mogull:

Dubbed Thunderstrike, the Thunderbolt-based attack is limited to situations where an attacker has physical access to a Mac and enough time to run it through a reboot and firmware installation cycle. Apple has partially addressed the vulnerability in recently released hardware (the iMac with Retina 5K display and the new Mac mini) and will be rolling out fixes to older hardware in the future.

Two aspects of the Thunderstrike proof-of-concept make it particularly serious. The first and most obvious is that most Macs remain vulnerable, and no antivirus software can help since Thunderstrike completely circumvents the operating system. Second, were Thunderstrike to be used to install malicious code, it would be hidden in a part of the system inaccessible to the user (the boot ROM, which is really a rewritable EEPROM chip) and would persist even if the boot drive were swapped out.