tech-kern archive
Re: Restricting rdtsc [was: kernel aslr]
Taylor R Campbell wrote:
> > Date: Tue, 28 Mar 2017 16:58:58 +0200
> > From: Maxime Villard <max%m00nbsd.net@localhost>
> >
> > Having read several papers on the exploitation of cache latency to defeat
> > aslr (kernel or not), it appears that disabling the rdtsc instruction is a
> > good mitigation on x86. However, some applications can legitimately use it,
> > so I would rather suggest restricting it to root instead.
>
> Put barriers in the way of legitimate applications to thwart
> hypothetical attackers who will... step around them and use another
> time source, of which there are many options in the system? This
> sounds more like cutting off the nose to spite the face than a good
> mitigation against real attacks.
Old thread, but the authors of the Spectre paper did exactly what Taylor said:
https://spectreattack.com/spectre.pdf
"JavaScript does not provide access to the rdtscp instruction, and
Chrome intentionally degrades the accuracy of its high-resolution
timer to dissuade timing attacks using performance.now() [1]. However,
the Web Workers feature of HTML5 makes it simple to create a separate
thread that repeatedly decrements a value in a shared memory location
[18, 32]. This approach yielded a high-resolution timer that provided
sufficient resolution."
--
Alex