[Info-vax] Intel x86-64 Processor Design Security Vulnerability?

Camiel Vanderhoeven iamcamiel at gmail.com
Thu Jan 4 05:38:22 EST 2018


On Thursday, 4 January 2018 11:26:28 UTC+1, Johann 'Myrkraverk' Oskarsson wrote:
> already5chosen at yahoo.com wrote:
> 
> > There are two new methods of attack - Spectre and Meltdown.
> > Separate page tables only help against Meltdown.
> 
> For people coming late to the party and who aren't fully in on the
> difference between the two, this is Meltdown:
> 
> https://twitter.com/misc0110/status/948706387491786752
> 
> Spectre is harder to exploit, but also harder if not impossible
> to completely patch in software.

Correct. Meltdown is easier to exploit, and enables data leaks across the user mode - kernel mode barrier. This can be patched in the OS. Spectre is much harder to exploit, and leaks data across the barrier between different processes' user mode (and possibly even from kernel mode, but that hasn't been proven). Absent a hardware fix, Spectre would require changes to pretty much any and all code - both OS and application - to mitigate. Just patching the codepaths that deal with sensitive information would not be enough; all code in the process-to-be-protected's working set would need to be patched.


