Re: Another security vulnerability

Liste des GroupesRevenir à c arch 
Sujet : Re: Another security vulnerability
De : anton (at) *nospam* mips.complang.tuwien.ac.at (Anton Ertl)
Groupes : comp.arch
Date : 26. Mar 2024, 17:36:26
Autres entêtes
Organisation : Institut fuer Computersprachen, Technische Universitaet Wien
Message-ID : <2024Mar26.173626@mips.complang.tuwien.ac.at>
References : 1 2 3 4 5 6
User-Agent : xrn 10.11
scott@slp53.sl.home (Scott Lurndal) writes:
Lawrence D'Oliveiro <ldo@nz.invalid> writes:
On Mon, 25 Mar 2024 17:07:16 GMT, Scott Lurndal wrote:
>
Run it in non-cacheable memory.  Slow but safe.
...
Running the crypto algorithms (when not offloaded to
on-chip accelerators) using non-cacheable memory as a workaround
until the hardware issues are ameliorated doesn't imply that
all other code needs to run non-cachable.

Then your crypto code is slow and unsafe.  The attacker will use the
rest of the application to extract the crypto keys, whether through
the cache side-channel of Spectre, or a prefetcher-based side channel.

- anton
--
'Anyone trying for "industrial quality" ISA should avoid undefined behavior.'
  Mitch Alsup, <c17fcd89-f024-40e7-a594-88a85ac10d20o@googlegroups.com>

Date Sujet#  Auteur
24 Mar 24 * Another security vulnerability58Stephen Fuld
24 Mar 24 +* Re: Another security vulnerability4MitchAlsup1
25 Mar 24 i+* Re: Another security vulnerability2Stefan Monnier
26 Mar 24 ii`- Re: Another security vulnerability1Michael S
26 Mar 24 i`- Re: Another security vulnerability1Michael S
24 Mar 24 +* Re: Another security vulnerability10Lawrence D'Oliveiro
25 Mar 24 i+- Re: Another security vulnerability1Stefan Monnier
25 Mar 24 i`* Re: Another security vulnerability8Stephen Fuld
25 Mar 24 i `* Re: Another security vulnerability7Lawrence D'Oliveiro
26 Mar 24 i  +* Re: Another security vulnerability5MitchAlsup1
26 Mar 24 i  i`* Re: Another security vulnerability4Lawrence D'Oliveiro
27 Mar 24 i  i `* Re: Another security vulnerability3Stephen Fuld
28 Mar 24 i  i  `* Re: Another security vulnerability2Lawrence D'Oliveiro
28 Mar 24 i  i   `- Re: Another security vulnerability1MitchAlsup1
26 Mar 24 i  `- Re: Another security vulnerability1Michael S
25 Mar 24 +* Re: Another security vulnerability18Thomas Koenig
25 Mar 24 i+* Re: Another security vulnerability16Anton Ertl
26 Mar 24 ii+* Re: Another security vulnerability13Lawrence D'Oliveiro
26 Mar 24 iii`* Re: Another security vulnerability12Anton Ertl
5 Jun 24 iii `* Re: Another security vulnerability11MitchAlsup1
5 Jun 24 iii  +* Re: Another security vulnerability9Anton Ertl
11 Jun 24 iii  i`* Re: Another security vulnerability8MitchAlsup1
11 Jun 24 iii  i +* Re: Another security vulnerability6Stephen Fuld
11 Jun 24 iii  i i`* Re: Another security vulnerability5MitchAlsup1
11 Jun 24 iii  i i `* Re: Another security vulnerability4Stephen Fuld
11 Jun 24 iii  i i  `* Re: Another security vulnerability3Terje Mathisen
11 Jun 24 iii  i i   `* SSDs (was: Another security vulnerability)2Stefan Monnier
11 Jun 24 iii  i i    `- Re: SSDs1Chris M. Thomasson
11 Jun 24 iii  i `- Re: Another security vulnerability1MitchAlsup1
11 Jun 24 iii  `- Re: Another security vulnerability1MitchAlsup1
26 Mar 24 ii`* Re: Another security vulnerability2Anton Ertl
26 Mar 24 ii `- Re: Another security vulnerability1Anton Ertl
25 Mar 24 i`- Re: Another security vulnerability1Michael S
25 Mar 24 +* Re: Another security vulnerability22Anton Ertl
26 Mar 24 i`* Re: Another security vulnerability21Michael S
27 Mar 24 i `* Re: Another security vulnerability20Thomas Koenig
27 Mar 24 i  +* Re: Another security vulnerability2Thomas Koenig
27 Mar 24 i  i`- Re: Another security vulnerability1Thomas Koenig
27 Mar 24 i  +- Re: Another security vulnerability1Anton Ertl
27 Mar 24 i  `* Re: Another security vulnerability16Anton Ertl
27 Mar 24 i   `* Re: Another security vulnerability15MitchAlsup1
28 Mar 24 i    +* Re: Another security vulnerability4MitchAlsup1
29 Mar 24 i    i`* Re: Another security vulnerability3Paul A. Clayton
29 Mar 24 i    i `* Re: Another security vulnerability2Paul A. Clayton
30 Mar 24 i    i  `- Re: Another security vulnerability1MitchAlsup1
3 Apr 24 i    `* Re: Another security vulnerability10Stefan Monnier
3 Apr 24 i     `* Re: Another security vulnerability9Thomas Koenig
3 Apr 24 i      +* Re: Another security vulnerability6MitchAlsup1
4 Apr 24 i      i`* Re: Another security vulnerability5Thomas Koenig
4 Apr 24 i      i `* Re: Another security vulnerability4MitchAlsup1
4 Apr 24 i      i  +- Re: Another security vulnerability1MitchAlsup1
7 Apr 24 i      i  `* Re: Another security vulnerability2Paul A. Clayton
8 Apr 24 i      i   `- Re: Another security vulnerability1MitchAlsup1
5 Apr 24 i      `* Re: Another security vulnerability2Stefan Monnier
5 Apr 24 i       `- Re: Another security vulnerability1MitchAlsup1
25 Mar 24 `* Re: Another security vulnerability3John Savard
25 Mar 24  `* Re: Another security vulnerability2Michael S
26 Mar 24   `- Re: Another security vulnerability1Lawrence D'Oliveiro

Haut de la page

Les messages affichés proviennent d'usenet.

NewsPortal