I'm trying to understand the severity of this issue.
The demo exploit described here http://eprint.iacr.org/2016/594 relies
on the fact the target program
and the attacker share the same memory image of the OpenSSL shared library.
If my program is statically linked to OpenSSL will that make it more
resistant to this type of attack?
Or will page de-duplication techniques like Linux KSM make it just as
vulnerable as a dynamically linked program?
/leif
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
