On 06/04/2018 at 04:12 PM Alan Cox wrote:
>> A malicious program most probably won't care about that. Therefore, my
>> next question is: which memory regions can be exploited by a malicious
>> program? The complete physical memory or only the memory provided to the
>> malicious program? Should be the latter if this approach should have any
>> impact.
>
> Spectre is not about memory regions. It's about speculative execution
> leaving measurable footprints. What footprints you leave depend upon what
> code you are executing. Thus the question becomes 'what can the target
> access'.
>
> In order to attack something you need both a way to influence the code
> concerned and a way to measure it. In addition it needs to have some
> secret you want.
>
> In practice that usually means something on the same system with its own
> memory space/privilege level. The usual cases then are user<->kernel and
> managed application<->runtime.

Would this be a practical test case: Gather keys and passwords used by a ssh
login by running a malicious program in parallel to sshd as another
ordinary user w/o root access.

Thanks,
Andreas