I wouldn't think Javascript would have the accurate timing required to leverage this attack, but I don't really know enough about the language.

Regardless, is there someone within FreeBSD that is working on patches for this set of problems, at least for Intel? Linux already has at least some, and I believe NetBSD does too. Of course Windows has already pushed out a Windows 10 fix; 7 and 8 are coming.

....................................
Andrew L. Duane - Principal Resident Engineer
AT&T Advanced Services Technical Lead
Juniper Quality Ambassador
m +1 603.770.7088
o +1 408.933.6944 (2-6944)
skype: andrewlduane
aduane at juniper.net

-----Original Message-----
From: owner-freebsd-hackers at freebsd.org [mailto:owner-freebsd-hackers at freebsd.org] On Behalf Of Eric McCorkle
Sent: Friday, January 5, 2018 7:43 AM
To: Jules Gilbert <repeatable_compression at yahoo.com>; Ronald F. Guilmette <rfg at tristatelogic.com>; Freebsd Security <freebsd-security at freebsd.org>; Brett Glass <brett at lariat.org>; Dag-Erling Smørgrav <des at des.no>; Poul-Henning Kamp <phk at phk.freebsd.dk>; freebsd-arch at freebsd.org; FreeBSD Hackers <freebsd-hackers at freebsd.org>; Shawn Webb <shawn.webb at hardenedbsd.org>; Nathan Whitehorn <nwhitehorn at freebsd.org>
Subject: Re: Intel hardware bug

On 01/05/2018 05:07, Jules Gilbert wrote:
> Sorry guys, you just convinced me that no one, not the NSA, not the
> FSB, no one!, has in the past, or will in the future be able to
> exploit this to actually do something not nice.

Attacks have already been demonstrated, pulling secrets out of kernel space with Meltdown and HTTP headers/passwords out of a browser with Spectre. Javascript PoCs are already in existence, and we can expect them to find their way into adware-based malware within a week or two.

Also, I'd be willing to bet you a year's rent that certain three-letter organizations have known about and used this for some time.

> So what is this, really?, it's a market exploit opportunity for AMD.

Don't bet on it. There's reports of AMD vulnerabilities, also for ARM. I doubt any major architecture is going to make it out unscathed. (But if one does, my money's on Power)
In message <SN1PR0501MB2125B36067CD93A5B95AC74DCE1C0 at SN1PR0501MB2125.namprd05.prod.outlook.com>, Andrew Duane <aduane at juniper.net> wrote:

> I wouldn't think Javascript would have the accurate timing required to
> leverage this attack, but I don't really know enough about the language.

This brings up something I have been wondering about, although my guess is that much greater minds than mine have already considered this possible mitigation...

If the Meltdown or Spectre (or both) attacks are based on careful analysis of timing information, following a memory fault, then why not just introduce a very tiny delay, of randomized duration, in the relevant kernel fault handler, following each such fault?

(Since nothing I've read is talking about this, I am guessing that this would be an even bigger loser, performance-wise, than the mitigations that have been developed so far.)

Regards,
rfg
Andrew Duane wrote:
> I wouldn't think Javascript would have the accurate timing required to
> leverage this attack, but I don't really know enough about the language.

"The performance.now() method returns a DOMHighResTimeStamp, measured in milliseconds, accurate to five thousandths of a millisecond (5 microseconds)."
https://developer.mozilla.org/en-US/docs/Web/API/Performance/now

"We implemented a clock with a parallel counting thread using the SharedArrayBuffer. ... The resulting resolution is close to the resolution of the native timestamp counter. On our Intel Core i5 test machine, we achieve a resolution of up to 2ns using the shared array buffer. This is equivalent to a resolution of only 4 CPU cycles, which is 3 orders of magnitude better than the timestamp provided by performance.now."
https://gruss.cc/files/fantastictimers.pdf

-----------------------------------------------------------------
Concurrent Technologies Corporation and its Affiliates. www.ctc.com 1-800-282-4392
-----------------------------------------------------------------
On 1/5/2018 8:30 AM, Andrew Duane wrote:
> Regardless, is there someone within FreeBSD that is working on patches for this set of problems, at least for Intel? Linux already has at least some, and I believe NetBSD does too. Of course Windows has already pushed out a Windows 10 fix, 7 and 8 are coming.

There is an official announcement on the FreeBSD site (quote below). Not sure about NetBSD, but DragonFly seems to have published some patches. Looks quite extensive :(

https://www.phoronix.com/scan.php?page=news_item&px=DragonFly-Meltdown-Fixed

"About the Meltdown and Spectre attacks:
FreeBSD was made aware of the problems in late December 2017. We're working with CPU vendors and the published papers on these attacks to mitigate them on FreeBSD. Due to the fundamental nature of the attacks, no estimate is yet available for the publication date of patches."

---Mike

-- 
-------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike at sentex.net
Providing Internet services since 1994 www.sentex.net
Cambridge, Ontario Canada http://www.tancsa.com/