[Python-Dev] SEC: Spectre variant 2: GCC: -mindirect-branch=thunk -mindirect-branch-register
Wes Turner
wes.turner at gmail.com
Thu Sep 20 14:08:26 EDT 2018
On Thursday, September 20, 2018, Stefan Ring <stefanrin at gmail.com> wrote:
> On Tue, Sep 18, 2018 at 8:38 AM INADA Naoki <songofacandy at gmail.com>
> wrote:
>
> > I think this topic should split to two topics: (1) Guard Python
> > process from Spectre/Meltdown
> > attack from other process, (2) Prohibit Python code attack other
> > processes by using
> > Spectre/Meltdown.
>
> (3) Guard Python from performance degradation by overly aggressive
> Spectre "mitigation".
> Spectre has the potential of having a greater impact on cloud providers
than Meltdown. Whereas Meltdown allows unauthorized applications to read
from privileged memory to obtain sensitive data from processes running on
the same cloud server, Spectre can allow malicious programs to induce a
hypervisor to transmit the data to a guest system running on top of it.
- Private SSL certs
- Cached keys and passwords in non-zeroed RAM
- [...]
https://en.wikipedia.org/wiki/Spectre_(security_vulnerability)
I really shouldn't need to apologise for bringing this up here.
Here's one:
https://github.com/Eugnis/spectre-attack/blob/master/Source.c
Is this too slow in CPython with:
- Coroutines (asyncio (tulip))
- PyPy JIT *
- Numba JIT *
- C Extensions *
- Cython *
* Not anyone here's problem.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-dev/attachments/20180920/f9deb698/attachment.html>
More information about the Python-Dev
mailing list