[Cryptography] Buffer Overflows & Spectre

Patrick Chkoreff pc at fexl.com
Wed Nov 21 11:57:23 EST 2018


Henry Baker wrote on 11/19/18 9:50 AM:

> Isn't it time for a *class action lawsuit* against every CPU vendor?
> 
> This is not just *negligence*, but outright *fraud*, because the CPU violates its own advertising!

The CPU produces the correct results for a given program as efficiently
as its designers could think to make it.  That's what customers were
paying for.  Even a speculative out-of-bounds array reference did not
violate that particular contract.

As we now know, the speculation can leak the contents of memory to other
processes running on the same machine.  Live and learn.  Someone will
have to devise new CPUs that are reasonably efficient but without side
channels.  It's easy to say now that "they should have known!" but that
doesn't make much sense because it's still not entirely clear what to do.

In the meantime:

"Don't allow malicious, attacker-controlled code to run on the same
CPU/CPU cluster as your precious secret-containing code" (Peter Gutmann)

On the other hand:

"If you’re running servers (etc.) then clients can spy on each other."
(Jon Callas)

And:

"If you’re running client software (oh, like a web browser running
JavaScript), then you have to be careful that the JS doesn’t manage to
get a covert channel on other things." (Jon Callas)


I'm not too concerned about the server case because I can typically
control how clients behave.  The JavaScript case is a little scary
though.  What happens if I visit cutekittens.ru while running gpg-agent?


-- Patrick

