On 01/05/2018 05:07, Jules Gilbert wrote:
> Sorry guys, you just convinced me that no one, not the NSA, not the FSB,
> no one!, has in the past, or will in the future be able to exploit this
> to actually do something not nice.

Attacks have already been demonstrated, pulling secrets out of kernel space with meltdown and http headers/passwords out of a browser with spectre. Javascript PoCs are already in existence, and we can expect them to find their way into adware-based malware within a week or two.

Also, I'd be willing to bet you a year's rent that certain three-letter organizations have known about and used this for some time.

> So what is this, really?, it's a market exploit opportunity for AMD.

Don't bet on it. There's reports of AMD vulnerabilities, also for ARM. I doubt any major architecture is going to make it out unscathed. (But if one does, my money's on Power)
I wouldn't think Javascript would have the accurate timing required to leverage this attack, but I don't really know enough about the language.

Regardless, is there someone within FreeBSD that is working on patches for this set of problems, at least for Intel? Linux already has at least some, and I believe NetBSD does too. Of course Windows has already pushed out a Windows10 fix, 7 and 8 are coming.

....................................
Andrew L. Duane - Principal Resident Engineer
AT&T Advanced Services Technical Lead
Juniper Quality Ambassador
m +1 603.770.7088
o +1 408.933.6944 (2-6944)
skype: andrewlduane
aduane at juniper.net

-----Original Message-----
From: owner-freebsd-hackers at freebsd.org [mailto:owner-freebsd-hackers at freebsd.org] On Behalf Of Eric McCorkle
Sent: Friday, January 5, 2018 7:43 AM
To: Jules Gilbert <repeatable_compression at yahoo.com>; Ronald F. Guilmette <rfg at tristatelogic.com>; Freebsd Security <freebsd-security at freebsd.org>; Brett Glass <brett at lariat.org>; Dag-Erling Smørgrav <des at des.no>; Poul-Henning Kamp <phk at phk.freebsd.dk>; freebsd-arch at freebsd.org; FreeBSD Hackers <freebsd-hackers at freebsd.org>; Shawn Webb <shawn.webb at hardenedbsd.org>; Nathan Whitehorn <nwhitehorn at freebsd.org>
Subject: Re: Intel hardware bug

On 01/05/2018 05:07, Jules Gilbert wrote:
> Sorry guys, you just convinced me that no one, not the NSA, not the
> FSB, no one!, has in the past, or will in the future be able to
> exploit this to actually do something not nice.

Attacks have already been demonstrated, pulling secrets out of kernel space with meltdown and http headers/passwords out of a browser with spectre. Javascript PoCs are already in existence, and we can expect them to find their way into adware-based malware within a week or two.
Also, I'd be willing to bet you a year's rent that certain three-letter organizations have known about and used this for some time.

> So what is this, really?, it's a market exploit opportunity for AMD.

Don't bet on it. There's reports of AMD vulnerabilities, also for ARM. I doubt any major architecture is going to make it out unscathed. (But if one does, my money's on Power)
On Fri, Jan 5, 2018 at 8:42 PM, Eric McCorkle <eric at metricspace.net> wrote:
> On 01/05/2018 05:07, Jules Gilbert wrote:
> > Sorry guys, you just convinced me that no one, not the NSA, not the FSB,
> > no one!, has in the past, or will in the future be able to exploit this
> > to actually do something not nice.
>
> Attacks have already been demonstrated, pulling secrets out of kernel
> space with meltdown and http headers/passwords out of a browser with
> spectre. Javascript PoCs are already in existence, and we can expect
> them to find their way into adware-based malware within a week or two.
>
> Also, I'd be willing to bet you a year's rent that certain three-letter
> organizations have known about and used this for some time.
>
> > So what is this, really?, it's a market exploit opportunity for AMD.
>
> Don't bet on it. There's reports of AMD vulnerabilities, also for ARM.
> I doubt any major architecture is going to make it out unscathed. (But
> if one does, my money's on Power)
>

Nope, the only arch that I'm aware of that gets past this is SPARC(hah!) due to the separate userland and kernel memory virtualization.
On 01/05/2018 09:55, C Bergström wrote:
> > Don't bet on it. There's reports of AMD vulnerabilities, also for ARM.
> > I doubt any major architecture is going to make it out unscathed. (But
> > if one does, my money's on Power)
>
> Nope, the only arch that I'm aware of that gets past this is SPARC(hah!)
> due to the separate userland and kernel memory virtualization.

Alas, poor Sparc. I knew them, Horatio...

It looks like Red Hat is indeed reporting Power9 to be vulnerable:

https://access.redhat.com/security/vulnerabilities/speculativeexecution

Unfortunate. I hope they get fixed silicon out in time for the Talos II workstation.