Intel hardware bug
Eric McCorkle
eric at metricspace.net
Thu Jan 4 17:06:26 UTC 2018
On 01/04/2018 12:03, Eric McCorkle wrote:
> You could block Meltdown, I suppose, by making the entire
> kernel address space absolutely forbidden under penalty of an
> uncatchable signal.
Actually, scratch that; it doesn't work. The caches are still affected,
and could be measured by another core.
I suppose you could attempt to flush them upon killing a process in this
way, but you still have a window, so it's only a probabilistic defense.
More information about the freebsd-security mailing list