[Info-vax] Intel x86-64 Processor Design Security Vulnerability?
Arne Vajhøj
arne at vajhoej.dk
Thu Jan 4 11:21:41 EST 2018
On 1/4/2018 9:25 AM, DaveFroble wrote:
> Camiel Vanderhoeven wrote:
>> On Thursday, 4 January 2018 11:26:28 UTC+1, Johann 'Myrkraverk'
>> Oskarsson wrote:
>>> already5chosen at yahoo.com wrote:
>>>> There are two new methods of attack - Spectre and Meltdown.
>>>> Separate page tables only help against Meltdown.
>>> For people coming late to the party and aren't fully in on the
>>> difference between the two, this is Meltdown:
>>>
>>> https://twitter.com/misc0110/status/948706387491786752
>>>
>>> Spectre is harder to exploit, but also harder if not impossible
>>> to completely patch in software.
>>
>> Correct. Meltdown is easier to exploit, and enables data leaks across
>> the user mode - kernel mode barrier. This can be patched in the OS.
>> Spectre is much harder to exploit, and leaks data across the barrier
>> between different processes' user mode (and possibly even from kernel
>> mode, but that hasn't been proven). Absent a hardware fix, Spectre
>> would require changes to pretty much any and all code - both OS and
>> application - to mitigate. Just patching the codepaths that deal with
>> sensitive information would not be enough; all code in the
>> process-to-be-protected's working set would need to be patched.
>
> This is all very interesting, and I don't have a clue about how to
> actually perform such exploits, nor do I care to know. However, I think
> there is still one thing that is essential in performing any such
> exploits. One would first need access to the machine.
Yes.
But:
1) Some systems run multiple applications for multiple users.
2) Even for a single application/user context it is bad, because
it reduces defense in depth - if the bad guys get in without
privs then they can use this to get further in.
Arne
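As an added illustration (not code from the thread or from any of its posters) of what "patching the code paths" for the Spectre bounds-check variant looks like in practice: the architectural bounds check stays, but the index is also clamped with a branch-free mask in the style of the Linux kernel's array_index_nospec(), so that even a mispredicted branch cannot steer a speculative load outside the table. The table contents and function names are constructed, and the example assumes the compiler keeps the mask arithmetic branch-free.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed sample table; the contents are arbitrary example data. */
#define TABLE_LEN 16
static const uint8_t table[TABLE_LEN] = {
    10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25
};

/* Branch-free mask modelled on Linux's array_index_mask_nospec():
 * all ones when idx < size, all zeros otherwise (valid for size < SIZE_MAX/2).
 * No conditional branch is involved, so the CPU cannot "guess" the mask
 * while speculating past a mispredicted bounds check. */
size_t index_mask_nospec(size_t idx, size_t size)
{
    /* top bit of (idx | (size-1-idx)) is set exactly when idx >= size */
    size_t top = (idx | (size - 1 - idx)) >> (sizeof(size_t) * 8 - 1);
    return top - 1;   /* top == 1 (out of range) -> 0; top == 0 (in range) -> SIZE_MAX */
}

/* Unpatched pattern: the branch is the only protection, and speculative
 * execution may run past it before the comparison resolves. */
uint8_t lookup_branchy(size_t idx)
{
    if (idx < TABLE_LEN)
        return table[idx];
    return 0;
}

/* Patched pattern: keep the architectural check, and additionally clamp the
 * index with the mask so a mis-speculated path reads table[0] at worst. */
uint8_t lookup_nospec(size_t idx)
{
    if (idx >= TABLE_LEN)
        return 0;
    idx &= index_mask_nospec(idx, TABLE_LEN);
    return table[idx];
}

/* The index the hardened access would use if the branch above were
 * mispredicted and skipped: in range it is unchanged, out of range it is 0. */
size_t speculative_index(size_t idx)
{
    return idx & index_mask_nospec(idx, TABLE_LEN);
}
```

Architecturally both lookups behave identically; the difference only matters during the speculative window, which is why this kind of patch has to be applied to every bounds-checked access in a process's working set rather than to one "sensitive" path.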