On Thu, 2018-01-04 at 10:49 -0500, Daniel Wilkins wrote: > On Thu, Jan 04, 2018 at 10:21:12AM -0500, Allan Streib wrote: > > "Alceu R. de Freitas Jr." <glasswal...@yahoo.com.br> writes: > > > > > I guess Intel does not give a shit about non-profit groups. Linux > > > got > > > this attention because there are a lot of players making money > > > from > > > it, players that surely have some sort of partnership with Intel. > > > > From what I have read in the past 24 hours, the spectre attacks are > > not > > limited to Intel CPUs, but in theory could affect any that use > > speculative execution (including, at least, modern ARM designs and > > AMD > > processors). > > > > My uninformed take on this is that when you allow anyone in the > > world to > > run programs on your systems (i.e. JavaScript in browsers, "cloud" > > hosted virtual machines running on shared hardware, etc.) these > > sorts of > > things occasionally happen. No CPUs or software are perfectly > > secure. > > > > Allan > > > > From what I understand, AMD has come out and explicitly said that > their > architecture isn't and has never been vulnerable, while Intel's said > that > it affects every processor in the last 20+ years and that it's "not a > big > deal for most users" because it's only a kernel memory *read*. > >
I'm admittedly not an expert on all things kernel, but allowing user space programs to read kernel space memory seems ... bad. Read/write would be worse, granted
