[Info-vax] Intel x86-64 Processor Design Security Vulnerability?
DaveFroble
davef at tsoft-inc.com
Thu Jan 4 09:25:58 EST 2018
Camiel Vanderhoeven wrote:
> On Thursday, 4 January 2018 11:26:28 UTC+1, Johann 'Myrkraverk' Oskarsson wrote:
>> already5chosen at yahoo.com wrote:
>>
>>> There are two new methods of attack - Spectre and Meltdown.
>>> Separate page tables only help against Meltdown.
>> For people coming late to the party and aren't fully in on the
>> difference between the two, this is Meltdown:
>>
>> https://twitter.com/misc0110/status/948706387491786752
>>
>> Spectre is harder to exploit, but also harder if not impossible
>> to completely patch in software.
>
> Correct. Meltdown is easier to exploit, and enables data leaks across the user mode - kernel mode barrier. This can be patched in the OS. Spectre is much harder to exploit, and leaks data across the barrier between different processes' user mode (and possibly even from kernel mode, but that hasn't been proven). Absent a hardware fix, Spectre would require changes to pretty much any and all code - both OS and application - to mitigate. Just patching the codepaths that deal with sensitive information would not be enough; all code in the process-to-be-protected's working set would need to be patched.
This is all very interesting, and I don't have a clue about how to actually
perform such exploits, nor do I care to know. However, I think there is still
one thing that is essential in performing any such exploits. One would first
need access to the machine.
--
David Froble Tel: 724-529-0450
Dave Froble Enterprises, Inc. E-Mail: davef at tsoft-inc.com
DFE Ultralights, Inc.
170 Grimplin Road
Vanderbilt, PA 15486