RE: Meltdown and spectre

From: Reen, Elizabeth
Date: Mon, 8 Jan 2018 16:32:54 +0000
Message-ID: <258575162B63424EB58DAE3A5475B6ED012CCF60D5_at_EXNJMB25.nam.nsroot.net>



True. I had just read the news accounts so I was wondering why O/S manufacturers were making the patches. Neither side is clean here, but it was not really a problem if you had control of the whole server. It’s only really become worth exploiting in the cloud.

Liz

Elizabeth Reen
CPB Database Group Manager
718.248.9930 (Office)
Service Now Group: CPB-ORACLE-DB-SUPPORT

From: oracle-l-bounce_at_freelists.org [mailto:oracle-l-bounce_at_freelists.org] On Behalf Of Hans Forbrich
Sent: Friday, January 05, 2018 6:51 PM
To: oracle-l_at_freelists.org
Subject: Re: Meltdown and spectre

On 2018-01-05 2:33 PM, Reen, Elizabeth (Redacted sender elizabeth.reen for DMARC) wrote:

I have a background in system engineering. I don’t get how a chip can be exploited. What code can be hacked there?

For speculative execution, a command is executed that MIGHT be required. That command might ask to move stuff into some portion of memory, or need a specific page moved in. If that command is then rolled back, what happens to the memory that it just filled? (Hint: it's still filled in, perhaps with a password.) Back in the day (early 90s) when this stuff was dreamt up, the idea of flushing that memory on command rollback would not have been a concern - hacking was for fun, not profit, in those days. It's not actually the code being hacked, as much as a side effect that is not properly handled.

It wasn't just the hardware guys, either. We s/w devs were pretty sloppy about things like end-of-arrays and random pointers in our code, and few people worried about (or even understood) what happened at the chip level. (Remember why Java came into being?)

/Hans

--
http://www.freelists.org/webpage/oracle-l
Received on Mon Jan 08 2018 - 17:32:54 CET
