[Python-Dev] SEC: Spectre variant 2: GCC: -mindirect-branch=thunk -mindirect-branch-register

Franklin? Lee leewangzhong+python at gmail.com
Tue Sep 18 15:22:37 EDT 2018


On Tue, Sep 18, 2018 at 2:40 AM INADA Naoki <songofacandy at gmail.com> wrote:
>
> On Tue, Sep 18, 2018 at 7:08 AM Wes Turner <wes.turner at gmail.com> wrote:
> >
> > To summarize:
> >
> > - CPython may be vulnerable to speculative execution vulnerabilities, but none are known.
> > - In general, CPython is currently too slow for speculative execution exploitation to be practical.
> >   - Sandboxed, JIT'ed JS is not too slow for speculative execution exploitation to be practical
> >     - (Not otherwise discussed here: PyPy's sandboxed JIT may not be too slow for speculative execution exploitation to be practical.)
> >
>
> As far as I know, execution speed is important for the attacker, not the victim.
> In the case of JavaScript, a browser may load attacking code and run it while
> the user is watching websites.
> Browsers provide a sandbox for JS, but attacker code may be able to
> bypass the sandbox by Spectre or Meltdown.  So browsers disabled
> the high precision timer until OSes are updated.
>
> This topic is totally unrelated to compiler options: these compiler options
> don't prohibit running attacking code, they just guard branches from
> branch target injection.
>
> Is my understanding correct?  Why should we discuss execution speed?

According to this article, the malicious program needs to act in the
amount of time it takes for the CPU to load a value from memory and
invalidate a branch prediction:
https://hackernoon.com/timing-is-everything-understanding-the-meltdown-and-spectre-attacks-5e1946e44f9f

