Date: Fri, 05 Jan 2018 12:17:50 -0800 From: "Ronald F. Guilmette" <rfg@tristatelogic.com> To: Freebsd Security <freebsd-security@freebsd.org> Subject: Re: Intel hardware bug Message-ID: <5241.1515183470@segfault.tristatelogic.com> In-Reply-To: <SN1PR0501MB2125B36067CD93A5B95AC74DCE1C0@SN1PR0501MB2125.namprd05.prod.outlook.com>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <SN1PR0501MB2125B36067CD93A5B95AC74DCE1C0@SN1PR0501MB2125.namprd05.prod.out look.com>, Andrew Duane <aduane@juniper.net> wrote: >I wouldn't think Javascript would have the accurate timing required to leve= >rage this attack, but I don't really know enough about the language. This brings up something I have been wondering about, although my guess is that much greater minds than mine have already considered this possible mitigation... If the meltdown or spectre (or both) attacks are based on careful analysis of timing information, following a memory fault, then why just just introduce a very tiny delay, of randomized duration, in the relevant kernel fault handler, following each such fault? (Since nothing I've read is talking about this, I am guessing that this would be an even bigger loser, performance-wise, than the mitigations that have been developed so far.) Regards, rfg
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5241.1515183470>