Spectre/Meltdown bug affecting Python ?
Grant Edwards
grant.b.edwards at gmail.com
Sat Jan 6 16:39:49 EST 2018
On 2018-01-06, Etienne Robillard <tkadm30 at yandex.com> wrote:
>
>
> Le 2018-01-06 à 15:49, J.O. Aho a écrit :
>> On 01/06/18 13:43, Etienne Robillard wrote:
>>> My understanding of this vulnerability is that speculative indirect
>>> calls in Linux kernel can be used to extract/filter memory content via
>>> side-channels.
>> Not just Linux, but all other OS:es, Microsoft and Apple been patching
>> in secret as they have a closed source approach, but ms-windows needs at
>> least one more patch before it can breath out, which will be released on
>> Tuesday.
>
> It's unclear to me whether AMD CPUs are affected by theses design flaws.
Everybody seems to agree that AMD CPUs are not affected by Meltdown.
The consensus is that AMD CPUs are probably affected by 2 of the 3
Spectre variants.
> Furthermore, I'd like to know if Python can mitigate hardware-specific
> timing attacks.
For CPython, probably not. Anything that Cpython tried to do could be
trivially defeated by using something like ctypes to make calls to
arbitrary machine code that was written to a file.
--
Grant Edwards grant.b.edwards Yow! Do I have a lifestyle
at yet?
gmail.com
More information about the Python-list
mailing list