Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 5 Jan 2018 22:55:14 +0800
From:      =?UTF-8?B?QyBCZXJnc3Ryw7Zt?= <cbergstrom@pathscale.com>
To:        Eric McCorkle <eric@metricspace.net>
Cc:        Jules Gilbert <repeatable_compression@yahoo.com>,  "Ronald F. Guilmette" <rfg@tristatelogic.com>, Freebsd Security <freebsd-security@freebsd.org>,  Brett Glass <brett@lariat.org>, =?UTF-8?Q?Dag=2DErling_Sm=C3=B8rgrav?= <des@des.no>,  Poul-Henning Kamp <phk@phk.freebsd.dk>, "freebsd-arch@freebsd.org" <freebsd-arch@freebsd.org>,  FreeBSD Hackers <freebsd-hackers@freebsd.org>, Shawn Webb <shawn.webb@hardenedbsd.org>,  Nathan Whitehorn <nwhitehorn@freebsd.org>
Subject:   Re: Intel hardware bug
Message-ID:  <CAOnawYpe5V-kUn4tLWKyBcDmsKqUP9-VNRhfDG48VMFWFbq6Vw@mail.gmail.com>
In-Reply-To: <250f3a77-822b-fba5-dcd7-758dfec94554@metricspace.net>
References:  <736a2b77-d4a0-b03f-8a6b-6a717f5744d4@metricspace.net> <2594.1515141192@segfault.tristatelogic.com> <809675000.867372.1515146821354@mail.yahoo.com> <250f3a77-822b-fba5-dcd7-758dfec94554@metricspace.net>

next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Jan 5, 2018 at 8:42 PM, Eric McCorkle <eric@metricspace.net> wrote:

> On 01/05/2018 05:07, Jules Gilbert wrote:
> > Sorry guys, you just convinced me that no one, not the NSA, not the FSB,
> > no one!, has in the past, or will in the future be able to exploit this
> > to actually do something not nice.
>
> Attacks have already been demonstrated, pulling secrets out of kernel
> space with meltdown and http headers/passwords out of a browser with
> spectre.  Javascript PoCs are already in existence, and we can expect
> them to find their way into adware-based malware within a week or two.
>
> Also, I'd be willing to bet you a year's rent that certain three-letter
> organizations have known about and used this for some time.
>
> > So what is this, really?, it's a market exploit opportunity for AMD.
>
> Don't bet on it.  There's reports of AMD vulnerabilities, also for ARM.
> I doubt any major architecture is going to make it out unscathed.  (But
> if one does, my money's on Power)
>

Nope, the only arch that I'm aware of that gets past this is SPARC(hah!)
due to the seperate userland and kernel memory virtualization.



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAOnawYpe5V-kUn4tLWKyBcDmsKqUP9-VNRhfDG48VMFWFbq6Vw>