Re: [PATCH v5 1/2] x86/speculation: apply IBPB more strictly to avoid cross-process data leak

From: Jiri Kosina
Date: Sun Oct 21 2018 - 19:32:30 EST

Next message: Eric S. Raymond: "Re: [PATCH 0/7] Code of Conduct: Fix some wording, and add an interpretation document"
Previous message: Andrew Lunn: "Re: [PATCH 1/9] net: dsa: bcm_sf2: simplify getting .driver_data"
In reply to: Pavel Machek: "Re: [PATCH v5 1/2] x86/speculation: apply IBPB more strictly to avoid cross-process data leak"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, 21 Oct 2018, Pavel Machek wrote:

> Imagine JIT running evil code (flash, javascript). JIT will prevent evil
> code from doing ptrace() (or maybe there is syscall filter in effect or
> something like that), but if evil code can poison branch buffers and do
> timings, security problem stays.

JITs sort of remove the traditional unix security domain boundary between
mutually (un)trusted code (processess and threads), that's a more general
problem, yes.

> Do we need prctl(I_DONT_RUN_EVIL_CODE)?

That's basically the level of fine-graining Tim's followup patchset
(that's currently being discussed) is eventually going to achieve.

Thanks,

--
Jiri Kosina
SUSE Labs

Next message: Eric S. Raymond: "Re: [PATCH 0/7] Code of Conduct: Fix some wording, and add an interpretation document"
Previous message: Andrew Lunn: "Re: [PATCH 1/9] net: dsa: bcm_sf2: simplify getting .driver_data"
In reply to: Pavel Machek: "Re: [PATCH v5 1/2] x86/speculation: apply IBPB more strictly to avoid cross-process data leak"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]