clang way to patch for Spectre?
Lev Serebryakov
lev at FreeBSD.org
Thu Jan 4 20:43:04 UTC 2018
Hello Julian,
Thursday, January 4, 2018, 8:49:50 PM, you wrote:
>> https://reviews.llvm.org/D41723
>>
>>
> not really..
> What's to stop an unprivileged user bringing his own compiler? or a
> precompiled binary?
As far as I understand, Spectre cannot cross boundaries, so a precompiled
binary will be able to read its own memory via the bug. To read all memory via
Spectre (don't confuse it with Meltdown), code must be privileged. And this
codegen patch eliminates "gadgets" in the kernel which could be exploited by
userland code.
--
Best regards,
Lev mailto:lev at FreeBSD.org