Re: Restricting rdtsc [was: kernel aslr]

To: Maxime Villard <max%m00nbsd.net@localhost>
Subject: Re: Restricting rdtsc [was: kernel aslr]
From: Andreas Gustafsson <gson%gson.org@localhost>
Date: Fri, 31 Mar 2017 20:23:45 +0300

Maxime Villard wrote:
> Having read several papers on the exploitation of cache latency to defeat
> aslr (kernel or not), it appears that disabling the rdtsc instruction is a
> good mitigation on x86. However, some applications can legitimately use it,
> so I would rather suggest restricting it to root instead.

It's ASLR that's broken, not rdtsc, and I strongly object to
restricting the latter just to that people can continue to gain
a false sense of security from the former.
-- 
Andreas Gustafsson, gson%gson.org@localhost

Prev by Date: Re: Exposing FUA as alternative to DIOCCACHESYNC for WAPBL
Next by Date: Re: Exposing FUA as alternative to DIOCCACHESYNC for WAPBL
Previous by Thread: Re: Restricting rdtsc [was: kernel aslr]
Next by Thread: Interested in ext3fs for GSoC
Indexes:

Home | Main Index | Thread Index | Old Index