Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 4 Jan 2018 23:42:55 +0300
From:      Lev Serebryakov <lev@FreeBSD.org>
To:        Julian Elischer <julian@freebsd.org>,  "freebsd-security@freebsd.org" <freebsd-security@freebsd.org>
Subject:   Re: clang way to patch for Spectre?
Message-ID:  <1401022152.20180104234255@serebryakov.spb.ru>
In-Reply-To: <43417734-d420-5be9-333b-8d0d02d7a58a@freebsd.org>
References:  <291645341.20180104190237@serebryakov.spb.ru> <43417734-d420-5be9-333b-8d0d02d7a58a@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
Hello Julian,

Thursday, January 4, 2018, 8:49:50 PM, you wrote:

>> https://reviews.llvm.org/D41723
>>
>>
> not really..
> What's to stop an unprivileged used bringing his own compiler? or a
> precompiled binary?
 As far as I understand, Spectre can not cross boundaries, so precompiled
binary will be able read its own memory via bug. To read all memory via
Spectre (don't confuse it with Meltdown) code must be privileged. And this
codegen patch eliminate "gadgets" in kernel which could be exploited by
userland code.

-- 
Best regards,
 Lev                            mailto:lev@FreeBSD.org

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1401022152.20180104234255>