Web lists-archives.com

Re: “Meltdown” and “Spectre”: Every modern processor has unfixable security flaws




On 2018-01-04 at 12:22, Curt wrote:

> https://arstechnica.com/gadgets/2018/01/meltdown-and-spectre-every-modern-processor-has-unfixable-security-fladdws/U
> 
> 
> TL;DR
> 
> Windows, Linux, and macOS have all received security patches that 
> significantly alter how the operating systems handle virtual memory
> in order to protect against a hitherto undisclosed flaw.
> ...
> In the immediate term, it looks like most systems will shortly have 
> patches for Meltdown. At least for Linux and Windows, these patches 
> allow end-users to opt out if they would prefer. The most vulnerable 
> users are probably cloud service providers; Meltdown and Spectre can 
> both in principle be used to further attacks against hypervisors, 
> making it easier for malicious users to break out of their virtual 
> machines.
> ...
> For typical desktop users, the risk is arguably less significant.
> While both Meltdown and Spectre can have value in expanding the scope
> of an existing flaw, neither one is sufficient on its own to, for
> example, break out of a Web browser.
> 
> Apparent moral of story for CPU: don't speculate (but it's
> significantly *slower*).

https://spectreattack.com/ has the best and most concise summary I've
seen yet, as well as links to various other places for in-depth details
(whitepapers and blog posts).


The situation as I understand it is basically that:

* Meltdown affects all Intel CPUs released since about 1995, except for
Itanium models and pre-2013 Atom models.

* Spectre appears to affect Intel, AMD, and ARM chips alike, going back
who-knows-how-far.

* Meltdown can be mitigated by security patches which people are rushing
out, but doing so has a performance cost, anywhere from 5% to 30%
depending on various factors.

* Spectre can only be fixed (or even meaningfully mitigated)
per-program, and doing so isn't necessarily trivial.

* Meltdown is relatively easy and straightforward to trigger, once you
know how.

* Spectre is harder to trigger and/or exploit, but still possible.

* Nobody knows whether either of these is being exploited in the wild.


Also,
https://techreport.com/news/33026/researchers-reveal-meltdown-and-spectre-cpu-exploits?post=1064251
is what looks to me like an "as near to layman's terms as we're likely
to get" explanation of how the Spectre exploit actually works.

-- 
   The Wanderer

The reasonable man adapts himself to the world; the unreasonable one
persists in trying to adapt the world to himself. Therefore all
progress depends on the unreasonable man.         -- George Bernard Shaw

Attachment: signature.asc
Description: OpenPGP digital signature