[Info-vax] Intel x86-64 Processor Design Security Vulnerability?
Bob Gezelter
gezelter at rlgsc.com
Thu Jan 4 09:06:21 EST 2018
On Thursday, January 4, 2018 at 1:02:44 AM UTC-5, Derrell Piper wrote:
> On Wednesday, January 3, 2018 at 9:09:18 PM UTC-8, Andy Burns wrote:
> > Derrell Piper wrote:
> >
> > > Jann Horn, Project Zero deserves credit for this one:
> >
> > <https://spectreattack.com>
>
> I don't know what that site is, and I don't find it particularly interesting either. Any technical discussions about this bug are welcome here. Please leave your hype at the door.
With all due respect, the Spectre "site" is a gateway to the papers written by the teams that discovered both exploits.
As Hoff has noted, breaking address space randomization is not presently an issue for OpenVMS, as OpenVMS does not yet (emphasis, YET) randomize addresses.
However, the comments about using areas of code in the kernel mapping region are of interest. The exploitation of the interaction between speculative execution (or fetching) to uncover the values of otherwise inaccessible data is a processor flaw. Fixing an exploit which uses cache timing to uncover data is going to be an interesting challenge.
Bottom line: The vulnerability is subtle and elegant. Best starting point is to read the papers thoroughly.
- Bob Gezelter, http://www.rlgsc.com