
clang way to patch for Spectre?


Lev Serebryakov

Jan 4, 2018, 11:03:58 AM
Hello Freebsd-security,

https://reviews.llvm.org/D41723


--
Best regards,
Lev mailto:l...@FreeBSD.org


Julian Elischer

Jan 4, 2018, 12:50:28 PM
On 5/1/18 12:02 am, Lev Serebryakov wrote:
> Hello Freebsd-security,
>
> https://reviews.llvm.org/D41723
>
>
not really..

What's to stop an unprivileged user bringing his own compiler? or a
precompiled binary?

Gordon Tetlow

Jan 4, 2018, 1:18:38 PM
On Thu, Jan 4, 2018 at 10:49 AM, Julian Elischer <jul...@freebsd.org> wrote:
> On 5/1/18 12:02 am, Lev Serebryakov wrote:
>>
>> Hello Freebsd-security,
>>
>> https://reviews.llvm.org/D41723
>>
>>
> not really..
>
> What's to stop an unprivileged user bringing his own compiler? or a
> precompiled binary?

If I'm reading this right (and there is a good chance I'm not), since
unprivileged users don't bring the kernel or system libraries to the
system, the mitigations would still work.

Gordon

Karsten König

Jan 4, 2018, 1:25:49 PM
Hi,

On 01/04/2018 18:49, Julian Elischer wrote:
> On 5/1/18 12:02 am, Lev Serebryakov wrote:
>> Hello Freebsd-security,
>>
>> https://reviews.llvm.org/D41723
>>
>>
> not really..
>
> What's to stop an unprivileged user bringing his own compiler? or a
> precompiled binary?
>

From my understanding: The patch is only for variant 2 of the Google P0
blog post[0]. Variant 2 describes how to access memory of a VM host from
a guest by tricking kernel modules into caching arbitrary inside the CPU
cache. But if these are compiled with the patch[1] an attacker can't
trick the kernel modules or other applications compiled with it.

Best,

Karsten

[0]
https://googleprojectzero.blogspot.de/2018/01/reading-privileged-memory-with-side.html
[1] Which I assume to be correct, I haven't looked into it

Lev Serebryakov

Jan 4, 2018, 3:43:22 PM
Hello Julian,

Thursday, January 4, 2018, 8:49:50 PM, you wrote:

>> https://reviews.llvm.org/D41723
>>
>>
> not really..
> What's to stop an unprivileged user bringing his own compiler? or a
> precompiled binary?
As far as I understand, Spectre cannot cross boundaries, so a precompiled
binary will be able to read its own memory via the bug. To read all memory via
Spectre (don't confuse it with Meltdown) code must be privileged. And this
codegen patch eliminates "gadgets" in the kernel which could be exploited by
userland code.

--
Best regards,
Lev mailto:l...@FreeBSD.org
