On 01/05/18 06:55, C Bergström wrote:
On Fri, Jan 5, 2018 at 8:42 PM, Eric McCorkle <[email protected]> wrote:
On 01/05/2018 05:07, Jules Gilbert wrote:
Sorry guys, you just convinced me that no one, not the NSA, not the FSB,
no one!, has in the past, or will in the future be able to exploit this
to actually do something not nice.
Attacks have already been demonstrated, pulling secrets out of kernel
space with meltdown and http headers/passwords out of a browser with
spectre. Javascript PoCs are already in existence, and we can expect
them to find their way into adware-based malware within a week or two.
Also, I'd be willing to bet you a year's rent that certain three-letter
organizations have known about and used this for some time.
So what is this, really?, it's a market exploit opportunity for AMD.
Don't bet on it. There's reports of AMD vulnerabilities, also for ARM.
I doubt any major architecture is going to make it out unscathed. (But
if one does, my money's on Power)
Nope, the only arch that I'm aware of that gets past this is SPARC(hah!)
due to the seperate userland and kernel memory virtualization.
_______________________________________________
POWER has the same thing. It's actually stronger separation, since user
processes don't share addresses either -- all processes, including the
kernel, have windowed access to an 80-bit address space, so no process
can even describe an address in another process's address space. There
are ways, of course, in which IBM could have messed up the
implementation, so the fact that it *should* be secure does not mean it
*is*.
SPARC avoids the issue because almost all implementations are in-order.
-Nathan
_______________________________________________
[email protected] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "[email protected]"
