In message <sn1pr0501mb2125b36067cd93a5b95ac74dce...@sn1pr0501mb2125.namprd05.prod.out look.com>, Andrew Duane <[email protected]> wrote:
>I wouldn't think Javascript would have the accurate timing required to leve= >rage this attack, but I don't really know enough about the language. This brings up something I have been wondering about, although my guess is that much greater minds than mine have already considered this possible mitigation... If the meltdown or spectre (or both) attacks are based on careful analysis of timing information, following a memory fault, then why just just introduce a very tiny delay, of randomized duration, in the relevant kernel fault handler, following each such fault? (Since nothing I've read is talking about this, I am guessing that this would be an even bigger loser, performance-wise, than the mitigations that have been developed so far.) Regards, rfg _______________________________________________ [email protected] mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[email protected]"
