Intel hardware bug

Ronald F. Guilmette rfg at tristatelogic.com
Fri Jan 5 20:17:53 UTC 2018


In message <SN1PR0501MB2125B36067CD93A5B95AC74DCE1C0 at SN1PR0501MB2125.namprd05.prod.out
look.com>, Andrew Duane <aduane at juniper.net> wrote:

>I wouldn't think Javascript would have the accurate timing required to leve=
>rage this attack, but I don't really know enough about the language.

This brings up something I have been wondering about, although my guess is
that much greater minds than mine have already considered this possible
mitigation...

If the meltdown or spectre (or both) attacks are based on careful analysis
of timing information, following a memory fault, then why just just introduce
a very tiny delay, of randomized duration, in the relevant kernel fault handler,
following each such fault?

(Since nothing I've read is talking about this, I am guessing that this would
be an even bigger loser, performance-wise, than the mitigations that have been
developed so far.)


Regards,
rfg


More information about the freebsd-security mailing list