tech-kern archive


Re: Spectre



> Spectre is unrelated and does not depend on a mistake of this kind,
> since there you're dealing with speculative loads that ARE permitted
> as far as access control goes; they just aren't wanted because they
> are preceded by range checks or the like.

Yes.  I'm of two minds whether it's even fair to call Spectre variants
like that a vulnerability.  (Spectre variants that exfiltrate values
from other processes, or from the kernel, are quite another story.)

On the one hand, of course, it is, in that it can be used to do things
like read outside sandboxes.

But, on the other hand, I can easily imagine a CPU designer looking at
it and saying "What's the big deal if this code can read that location?
It can get it anytime it wants with a simple load instruction anyway.",
something I have trouble disagreeing with.

So, I'm not sure whether I consider those Spectre variants a CPU bug or
just a misfeature that makes sandboxing more difficult (in that it
provides unobvious ways to read memory).

/~\ The ASCII				  Mouse
\ / Ribbon Campaign
 X  Against HTML		mouse%rodents-montreal.org@localhost
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
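
For the sandbox case discussed above, an added example (not part of the original message) of a range-checked read next to the same read hardened with a branchless index mask. It goes one step beyond the thread by showing a mitigation; the names `sandbox`, `index_mask`, `read_checked` and `read_masked` are hypothetical, and a GCC or Clang compiler is assumed.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SANDBOX_SIZE 16u   /* constructed: sandboxed code may read bytes 0..15 only */
static const uint8_t sandbox[SANDBOX_SIZE] = { 10, 11, 12, 13, 14, 15, 16, 17 };

/* All-ones if idx < size, zero otherwise, computed without a branch so there is
 * nothing to mispredict. Assumes size <= SIZE_MAX/2 + 1, arithmetic right shift
 * of negative values, and intptr_t as wide as size_t. */
size_t index_mask(size_t idx, size_t size)
{
    /* GCC/Clang extension: hide idx from the optimizer so the mask is not
     * folded away on the grounds that the caller already checked the range. */
    __asm__ volatile("" : "+r"(idx));
    size_t v = ~(idx | (size - 1 - idx));
    return (size_t)((intptr_t)v >> (sizeof(v) * CHAR_BIT - 1));
}

/* Range check only: architecturally correct, but the load may execute
 * speculatively with an out-of-range idx before the compare resolves. */
int read_checked(size_t idx, uint8_t *out)
{
    if (idx >= SANDBOX_SIZE)
        return -1;
    *out = sandbox[idx];
    return 0;
}

/* Range check plus mask: the load address depends on the mask as data, so
 * even on a mispredicted path an out-of-range idx becomes 0. */
int read_masked(size_t idx, uint8_t *out)
{
    if (idx >= SANDBOX_SIZE)
        return -1;
    idx &= index_mask(idx, SANDBOX_SIZE);
    *out = sandbox[idx];
    return 0;
}

int main(void)
{
    uint8_t b = 0;
    int rc = read_masked(3, &b);
    printf("in range: rc=%d value=%u\n", rc, (unsigned)b);
    printf("out of range: rc=%d\n", read_masked(SANDBOX_SIZE, &b));
    return 0;
}
```

Both functions return the same architectural results; the difference is only in which address a speculatively executed load can use.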

