https://lkml.org/lkml/2018/1/3/797
> A *competent* CPU engineer would fix this by making sure speculation
> doesn't happen across protection domains. Maybe even a L1 I$ that is
> keyed by CPL.

https://news.ycombinator.com/item?id=10518480
> Aye, too many people have this defeatist attitude that since perfect
> security will never be possible, therefore the only valid solution is
> reactive security (bug-patch cycles). Patch dependence is considered too
> entrenched for making some changes like replacing ambient authority with
> capabilities, using failure-oblivious computing [1] to redirect invalid
> reads and writes, using separation kernels, information flow control,
> proper MLS [2], program shepherding for origin and control flow monitoring
> [3] and general fault tolerance/self-healing [4].
>
> I used to look up to Linus Torvalds as many did, but am increasingly
> beginning to see him as a threat to the advancement of the industry with
> his faux pragmatism that has led him to speak out against everything from
> security to microkernels and kernel debuggers.
>
> [1] https://www.doc.ic.ac.uk/~cristic/papers/fo-osdi-04.pdf
> [2] http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.52....
> [3] https://www.usenix.org/legacy/events/sec02/full_papers/kiria...
> [4] https://www.cs.columbia.edu/~angelos/Papers/2007/mmm-acns-se...
