Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Mon 18 Jun 2018, 19:44
All times are UTC - 4
 Forum index » Off-Topic Area » Security
SSB: Yet another security hole due to speculative execution
Post new topic   Reply to topic View previous topic :: View next topic
Page 1 of 1 [4 Posts]  
Author Message
prehistoric


Joined: 23 Oct 2007
Posts: 1733

PostPosted: Tue 22 May 2018, 17:32    Post subject:  SSB: Yet another security hole due to speculative execution  

Just when you thought you might be able to trust the hardware you are running, after patching for Meltdown, Specter and variants, there is a new exploit named SSB that finds timing differences caused by storing results of speculative execution.

The problem comes from fetching things before you can be sure of the address. If the predicted address is wrong, the natural fix is to dump the fetched data as invalid. Unfortunately, this still means you can get data from addresses that should be forbidden to a process into a register available to the microarchitecture, but not in the idealized machine model. Once there the difference in the time required for operations allows data to leak to processes that should never have had it. If you didn't have cores performing billions of instructions per second I don't think this would be very practical, because of the low bandwidth channel it offers into other processes.

Only a determined paranoid would have guessed this one.
Back to top
View user's profile Send private message 
8Geee


Joined: 12 May 2008
Posts: 1570
Location: N.E. USA

PostPosted: Sun 27 May 2018, 15:20    Post subject:  

This is evidently a serious "inter-cache" problem. kernnel dot org as of May 25 updates is patching some flaws related. As usual this will be on-going. As I read it, it appears that a single cache split between data and info is also affected. Some Intel MPU/CPU have this split-cache, including a few ATOMS (the E600 series).

Regards
8Geee

_________________
Linux user #498913

Some people need to reimagine their thinking.
Back to top
View user's profile Send private message 
ozsouth

Joined: 01 Jan 2010
Posts: 333
Location: S.E Australia

PostPosted: Wed 30 May 2018, 07:58    Post subject:  

From http://www.theregister.co.uk/2018/05/21/spectre_meltdown_v4_microsoft_google/

According to Intel, mitigations already released to the public for variant 1, which is the hardest vulnerability to tackle, should make attacks leveraging variant 4 much more difficult. In other words, web browsers, and similar programs with just-in-time execution of scripts and other languages, patched to thwart variant 1 attacks should also derail variant 4 exploits.
Back to top
View user's profile Send private message 
backi

Joined: 27 Feb 2011
Posts: 1504
Location: GERMANY

PostPosted: Mon 04 Jun 2018, 11:15    Post subject:
Subject description: Bodhi Linux shut down Distribution`s Forum due GDPR
 

Hi !
Bodhi Linux shut down Distribution`s Forum due GDPR :
https://www.bodhilinux.com/2018/06/03/forums-closed-due-to-gdpr/
https://www.eugdpr.org/

See also Distrowatch :
https://distrowatch.com/weekly.php?issue=20180604#news

I am no Expert ....what are the Consequences ......could PuppyLinux Forum also be affected ?
Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 1 of 1 [4 Posts]  
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » Off-Topic Area » Security
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0364s ][ Queries: 13 (0.0060s) ][ GZIP on ]