clang way to patch for Spectre?

Lev Serebryakov lev at FreeBSD.org
Thu Jan 4 20:43:04 UTC 2018


Hello Julian,

Thursday, January 4, 2018, 8:49:50 PM, you wrote:

>> https://reviews.llvm.org/D41723
>>
>>
> not really..
> What's to stop an unprivileged used bringing his own compiler? or a
> precompiled binary?
 As far as I understand, Spectre can not cross boundaries, so precompiled
binary will be able read its own memory via bug. To read all memory via
Spectre (don't confuse it with Meltdown) code must be privileged. And this
codegen patch eliminate "gadgets" in kernel which could be exploited by
userland code.

-- 
Best regards,
 Lev                            mailto:lev at FreeBSD.org



More information about the freebsd-security mailing list