Hi,

On 01/04/2018 18:49, Julian Elischer wrote:
> On 5/1/18 12:02 am, Lev Serebryakov wrote:
>> Hello Freebsd-security,
>>
>> https://reviews.llvm.org/D41723
>>
>>
> not really..
>
> What's to stop an unprivileged user bringing his own compiler? or a
> precompiled binary?
>

From my understanding: The patch is only for variant 2 of the Google P0 blog post[0]. Variant 2 describes how to access memory of a VM host from a guest by tricking kernel modules into caching arbitrary inside the CPU cache. But if these are compiled with the patch[1] an attacker can't trick the kernel modules or other applications compiled with it.

Best,
Karsten

[0] https://googleprojectzero.blogspot.de/2018/01/reading-privileged-memory-with-side.html
[1] Which I assume to be correct, I haven't looked into it
