Re: Restricting rdtsc [was: kernel aslr]

To: Maxime Villard <max%m00nbsd.net@localhost>
Subject: Re: Restricting rdtsc [was: kernel aslr]
From: Alexander Nasonov <alnsn%yandex.ru@localhost>
Date: Tue, 28 Mar 2017 23:49:37 +0100

Maxime Villard wrote:
> Having read several papers on the exploitation of cache latency to defeat
> aslr (kernel or not), it appears that disabling the rdtsc instruction is a
> good mitigation on x86. However, some applications can legitimately use it,
> so I would rather suggest restricting it to root instead.

Why does root need it? For ntp? Properly implemented ntp should be
privsep'ed.

I think this should be either all-or-nothing. You either have rdtsc as
a time source or you don't. Similar for rdpmc (and other performance
counters).

-- 
Alex

References:
- Restricting rdtsc [was: kernel aslr]
  - From: Maxime Villard

Prev by Date: Re: Restricting rdtsc [was: kernel aslr]
Next by Date: Re: Restricting rdtsc [was: kernel aslr]
Previous by Thread: Re: Restricting rdtsc [was: kernel aslr]
Next by Thread: Re: Restricting rdtsc [was: kernel aslr]
Indexes:

Home | Main Index | Thread Index | Old Index