Sujet : Re: Privilege Levels Below User
De : mitchalsup (at) *nospam* aol.com (MitchAlsup1)
Groupes : comp.archDate : 09. Jun 2024, 19:19:07
Autres entêtes
Organisation : Rocksolid Light
Message-ID : <f0bbd7d9790a11d3ce9ee1cff5e86b5b@www.novabbs.org>
References : 1 2
User-Agent : Rocksolid Light
John Savard wrote:
On Fri, 07 Jun 2024 12:03:03 -0600, John Savard
<quadibloc@servername.invalid> wrote:
The first reduced-privilege state would not allow any branch
instructions, particularly conditional branches.
>
The second, in addition, would not allow any access to memory, only
allowing access to registers.
Maybe I haven't made clear what this is _for_ as I thought it would be
obvious.
If no branches... then no need for retpolines and stuff.
My 66000 needs no retpolnes for external calls/returns or for
SVCs and SVRs.
If no access to memory... no worries about rowhammer.
Rowhammer can be eliminated without restricting access to memory.
Given that, a third mode - not reduced-privilege so much as
reduced-efficiency - suggests itself.
Cause some code to be executed... without any speculative execution;
allow branches, but don't execute anything until where the branch goes
is fully resolved.
This deals with Spectre and friends.
Spectré exploits the inability to keep microarchitectural state hidden
from architectural state. Design the pipeline correctly and you won't
Spectré, Meltdown, or friends...
So the idea is to give an unprivileged user application, like a web
browser, a capability, without going through the operating system, to
run code that is sandboxed in appropriate ways to prevent it from
causing trouble although it is untrusted.
That browsers have to be able to run untrusted JavaScript (and,
formerly, even Java and Flash, which have now been discarded) to
support the flexibility desired for modern web sites... has been the
basic reason why computers today are insecure. If the only code that
ran on computers was trusted code, then the virus situation would be
like it was back in the days of 8-bit computers; except for
supply-chain attacks, just don't run pirated software, and you're
pretty much safe.
John Savard
Date | Sujet | # | | Auteur |
7 Jun 24 | Privilege Levels Below User | 119 | | John Savard |
7 Jun 24 | Re: Privilege Levels Below User | 1 | | MitchAlsup1 |
7 Jun 24 | Re: Privilege Levels Below User | 9 | | MitchAlsup1 |
9 Jun 24 | Re: Privilege Levels Below User | 8 | | John Savard |
10 Jun 24 | Re: Privilege Levels Below User | 7 | | Lawrence D'Oliveiro |
10 Jun 24 | Re: Privilege Levels Below User | 6 | | John Savard |
10 Jun 24 | Re: Privilege Levels Below User | 4 | | MitchAlsup1 |
11 Jun 24 | Re: Privilege Levels Below User | 2 | | John Savard |
11 Jun 24 | Re: Privilege Levels Below User | 1 | | Lawrence D'Oliveiro |
11 Jun 24 | Re: Privilege Levels Below User | 1 | | Lawrence D'Oliveiro |
11 Jun 24 | Re: Privilege Levels Below User | 1 | | Lawrence D'Oliveiro |
8 Jun 24 | Re: Privilege Levels Below User | 4 | | Lawrence D'Oliveiro |
8 Jun 24 | Re: Privilege Levels Below User | 1 | | John Dallman |
8 Jun 24 | Re: Not history, Privilege Levels Below User | 2 | | John Levine |
9 Jun 24 | Re: Not history, Privilege Levels Below User | 1 | | Lawrence D'Oliveiro |
8 Jun 24 | Re: Privilege Levels Below User | 66 | | MitchAlsup1 |
9 Jun 24 | Re: Privilege Levels Below User | 14 | | Lawrence D'Oliveiro |
9 Jun 24 | Re: Privilege Levels Below User | 1 | | David Schultz |
10 Jun 24 | Re: Privilege Levels Below User | 11 | | Lawrence D'Oliveiro |
11 Jun 24 | Re: Privilege Levels Below User | 1 | | Lawrence D'Oliveiro |
11 Jun 24 | Re: time-sharing history, Privilege Levels Below User | 9 | | John Levine |
12 Jun 24 | Re: time-sharing history, Privilege Levels Below User | 8 | | Lawrence D'Oliveiro |
12 Jun 24 | Re: time-sharing history, Privilege Levels Below User | 7 | | John Levine |
12 Jun 24 | Re: time-sharing history, Privilege Levels Below User | 1 | | Lawrence D'Oliveiro |
12 Jun 24 | Re: time-sharing history, Privilege Levels Below User | 5 | | Lynn Wheeler |
13 Jun 24 | Re: time-sharing history, Privilege Levels Below User | 4 | | Lawrence D'Oliveiro |
13 Jun 24 | Re: time-sharing history, Privilege Levels Below User | 3 | | Lynn Wheeler |
13 Jun 24 | Re: time-sharing history, Privilege Levels Below User | 2 | | Lawrence D'Oliveiro |
13 Jun 24 | Re: time-sharing history, Privilege Levels Below User | 1 | | Lynn Wheeler |
24 Oct 24 | Re: Privilege Levels Below User | 1 | | MitchAlsup1 |
9 Jun 24 | Re: Privilege Levels Below User | 2 | | Anton Ertl |
10 Jun 24 | Re: Privilege Levels Below User | 1 | | Lawrence D'Oliveiro |
10 Jun 24 | Re: Privilege Levels Below User | 8 | | Anton Ertl |
11 Jun 24 | Re: Privilege Levels Below User | 4 | | Lawrence D'Oliveiro |
12 Jun 24 | Re: Privilege Levels Below User | 1 | | Lawrence D'Oliveiro |
12 Jun 24 | Re: Privilege Levels Below User | 2 | | Thomas Koenig |
12 Jun 24 | Re: Privilege Levels Below User | 1 | | Lawrence D'Oliveiro |
11 Jun 24 | Re: Privilege Levels Below User | 3 | | Lawrence D'Oliveiro |
12 Jun 24 | Re: Privilege Levels Below User | 1 | | George Neuner |
12 Jun 24 | Re: Privilege Levels Below User | 1 | | John Dallman |
10 Jun 24 | Re: Privilege Levels Below User | 15 | | Terje Mathisen |
10 Jun 24 | Re: Privilege Levels Below User | 4 | | Michael S |
11 Jun 24 | Re: Privilege Levels Below User | 3 | | Lawrence D'Oliveiro |
11 Jun 24 | Re: Privilege Levels Below User | 2 | | MitchAlsup1 |
12 Jun 24 | Re: Privilege Levels Below User | 1 | | Lawrence D'Oliveiro |
11 Jun 24 | Re: Privilege Levels Below User | 5 | | Lawrence D'Oliveiro |
12 Jun 24 | Re: Privilege Levels Below User | 1 | | Lawrence D'Oliveiro |
13 Jun 24 | Re: Privilege Levels Below User | 3 | | MitchAlsup1 |
13 Jun 24 | Re: Privilege Levels Below User | 2 | | Lawrence D'Oliveiro |
13 Jun 24 | Re: Privilege Levels Below User | 1 | | Michael S |
11 Jun 24 | Re: Privilege Levels Below User | 5 | | Terje Mathisen |
11 Jun 24 | Re: Privilege Levels Below User | 4 | | Michael S |
12 Jun 24 | Re: Privilege Levels Below User | 1 | | Stefan Monnier |
13 Jun 24 | Re: Privilege Levels Below User | 2 | | Lawrence D'Oliveiro |
14 Jun 24 | Re: Privilege Levels Below User | 1 | | Lawrence D'Oliveiro |
14 Jun 24 | Re: Privilege Levels Below User | 26 | | Paul A. Clayton |
14 Jun 24 | Re: Privilege Levels Below User | 25 | | MitchAlsup1 |
14 Jun 24 | Re: Privilege Levels Below User | 4 | | Lawrence D'Oliveiro |
14 Jun 24 | Re: Privilege Levels Below User | 3 | | John Savard |
14 Jun 24 | Re: Privilege Levels Below User | 2 | | Lawrence D'Oliveiro |
15 Jun 24 | Re: Privilege Levels Below User | 1 | | John Dallman |
14 Jun 24 | Re: Privilege Levels Below User | 20 | | John Savard |
15 Jun 24 | Re: Privilege Levels Below User | 19 | | Thomas Koenig |
15 Jun 24 | Re: Privilege Levels Below User | 18 | | Lawrence D'Oliveiro |
15 Jun 24 | Re: Privilege Levels Below User | 3 | | Anton Ertl |
15 Jun 24 | Re: Privilege Levels Below User | 1 | | Thomas Koenig |
16 Jun 24 | Re: Privilege Levels Below User | 1 | | Lawrence D'Oliveiro |
15 Jun 24 | Re: Privilege Levels Below User | 14 | | John Dallman |
16 Jun 24 | Re: Privilege Levels Below User | 12 | | Lawrence D'Oliveiro |
16 Jun 24 | Re: Privilege Levels Below User | 11 | | Michael S |
16 Jun 24 | Re: Privilege Levels Below User | 10 | | Lawrence D'Oliveiro |
16 Jun 24 | Re: Privilege Levels Below User | 9 | | Michael S |
16 Jun 24 | Re: Privilege Levels Below User | 3 | | Thomas Koenig |
16 Jun 24 | Re: Privilege Levels Below User | 2 | | Michael S |
16 Jun 24 | Re: Privilege Levels Below User | 1 | | Terje Mathisen |
16 Jun 24 | Re: Privilege Levels Below User | 5 | | Lawrence D'Oliveiro |
16 Jun 24 | Re: Privilege Levels Below User | 4 | | Michael S |
16 Jun 24 | Re: Privilege Levels Below User | 1 | | Lawrence D'Oliveiro |
16 Jun 24 | Re: Privilege Levels Below User | 2 | | Torbjorn Lindgren |
17 Jun 24 | Re: Privilege Levels Below User | 1 | | Lawrence D'Oliveiro |
16 Jun 24 | Re: Privilege Levels Below User | 1 | | Robert Swindells |
8 Jun 24 | Re: Privilege Levels Below User | 7 | | BGB |
9 Jun 24 | Re: Privilege Levels Below User | 3 | | MitchAlsup1 |
9 Jun 24 | Re: Privilege Levels Below User | 2 | | BGB |
10 Jun 24 | Re: Privilege Levels Below User | 1 | | Lawrence D'Oliveiro |
10 Jun 24 | Re: Privilege Levels Below User | 3 | | Terje Mathisen |
10 Jun 24 | Re: Privilege Levels Below User | 2 | | Anton Ertl |
10 Jun 24 | Re: Privilege Levels Below User | 1 | | BGB |
8 Jun 24 | Re: Privilege Levels Below User | 1 | | Chris M. Thomasson |
9 Jun 24 | Re: Privilege Levels Below User | 2 | | John Savard |
11 Jun 24 | Re: Privilege Levels Below User | 1 | | Lawrence D'Oliveiro |
9 Jun 24 | Re: Privilege Levels Below User | 28 | | John Savard |
9 Jun 24 | Re: Privilege Levels Below User | 25 | | Anton Ertl |
9 Jun 24 | Re: Privilege Levels Below User | 24 | | John Savard |
9 Jun 24 | Re: Privilege Levels Below User | 1 | | MitchAlsup1 |
10 Jun 24 | Re: Privilege Levels Below User | 22 | | Anton Ertl |
10 Jun 24 | Re: Privilege Levels Below User | 1 | | MitchAlsup1 |
11 Jun 24 | Re: Privilege Levels Below User | 20 | | John Savard |
11 Jun 24 | Re: Privilege Levels Below User | 14 | | MitchAlsup1 |
11 Jun 24 | Re: Privilege Levels Below User | 3 | | MitchAlsup1 |
11 Jun 24 | Re: Privilege Levels Below User | 2 | | John Savard |
11 Jun 24 | Re: Privilege Levels Below User | 10 | | John Savard |
11 Jun 24 | Re: Privilege Levels Below User | 5 | | Niklas Holsti |
9 Jun 24 | Re: Privilege Levels Below User | 2 | | MitchAlsup1 |