There's no (meaningful) runtime performance difference between disabling it at compile vs runtime, correct?
On Friday, January 5, 2018 at 9:33:12 AM UTC-8, Thomas Nattestad wrote: > > Hello users and embedders of V8, > > On January 3rd, researchers from Google's Project Zero > <https://googleprojectzero.blogspot.com/2014/07/announcing-project-zero.html> > disclosed a new class of attacks <https://googleprojectzero.blogspot.com/> > which exploit speculative execution optimizations used by modern CPUs. > > As a user or embedder of V8, you may have questions regarding these > attacks and if they have any implications for you. We’ve put together a > new wiki page <https://github.com/v8/v8/wiki/Untrusted-code-mitigations> > regarding this topic that should serve to answer some of your questions. > > The main takeaway is that if you are an embedder such as Node.js that only > executes trustworthy code then there should be no security concerns from > these attack methods. In order to take advantage of the vulnerability, an > attacker has to execute carefully crafted JavaScript or WebAssembly code in > your embedded environment. If, as a developer, you have complete control > over the code executed in your embedded V8 instance, then that is very > unlikely to be possible. > > V8 is including some mitigation strategies for these attack methods as > part of V8 6.4.388.16. These will be on by default and we are putting them > behind a build flag to give embedders the option of whether they are > needed. More details can be found on the wiki page > <https://github.com/v8/v8/wiki/Untrusted-code-mitigations>. > > Sincerely, > The V8 Team > -- -- v8-users mailing list v8-users@googlegroups.com http://groups.google.com/group/v8-users --- You received this message because you are subscribed to the Google Groups "v8-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to v8-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.