On Sep 17, 2019, at 2:35 PM, allison via cctalk
<cctalk at classiccmp.org> wrote:
> ...
> I see this as a question of the number of angels that can dance on the
> point of a pin. But whether GCC could compile code that has system access to
> do nasties is a more complex question. Then again, how does it get
> system privs to start with?
The issue with Spectre (and Meltdown, on the small set of architectures where that
applies) is that it discloses supposedly protected data to unprivileged processes. It
isn't a case of playing games starting from system privs; it's a case of learning
secret data (perhaps passwords from freed buffers) that were intended to be invisible to
your process.
I'd recommend the full academic paper on these attacks by Kocher et al. to anyone with
a serious interest in processor architectures -- which fits much of the membership of
these lists. Even if you don't work with machines that have this issue, or now that
it has been fixed in places where it does apply, it still is a marvelous piece of work and
understanding how it works is a great learning exercise.
I could easily imagine a computer science exam question "Describe in one paragraph
the specific design error that enabled the Meltdown attack".
paul