Response to Meltdown and Spectre
Peter Jeremy
peter at rulingia.com
Thu Jan 11 08:12:02 UTC 2018
On 2018-Jan-10 16:46:01 +0530, Sujit K M <sjt.kar at gmail.com> wrote:
>>From my understanding what is happening is that an array overflow is happening.
>Can't it be handled more generically.
The array overflow in the example code is solely a convenient mechanism to
make C reference an arbitrary virtual address. An attacker could import
code from another system so it's not possible to mitigate the vulnerability
by (eg) implementing bounds checking in a compiler.
--
Peter Jeremy
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 963 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-security/attachments/20180111/6df2d2a6/attachment.sig>
More information about the freebsd-security
mailing list