by jnordwick 3047 days ago
> Spectre software "fixes" are either extremely expensive

They don't have to be done everywhere though. Just on JS array accesses, and the masking options seem better than the fencing option. It doesn't have to be done on every array access, and in many cases it probably isn't practically exploitable. We still don't have a working, real-world exploit in JS without assistance.

The speculation windows are in practice pretty small (10 instructions maybe), plus you have to find the memory you want to read, mistrain the branch predictor and flush the cpu cache between every read, etc... And do all this before that piece of memory you found moves or is overwritten.

> there goes the security of all current HTML/JS engines.

Pretty much. In places devs forget to protect against Spectre there can be a possible exploit. OoO causes similarly difficult to find issues with threading where the dev needs to think long and hard about how instructions hit the CPU, but we manage.
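An added illustration, not part of the comment above: a C sketch of the "masking" style of bounds-check hardening the comment mentions for array accesses, where the index is ANDed with a branchlessly computed mask so a mispredicted bounds check can only reach index 0. The names `index_mask` and `load_masked` are hypothetical, and the code assumes an arithmetic right shift on signed values (as GCC and Clang provide) and `size <= SIZE_MAX/2 + 1`.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Returns all-ones when index < size and zero otherwise, with no branch.
 * If index >= size, (size - 1 - index) wraps and sets the top bit; if index
 * is huge, its own top bit is set. Either way the inverted value has a clear
 * top bit and the arithmetic shift yields 0. Assumption: signed >> is
 * arithmetic. Production code also hides the value from the optimizer so the
 * compiler cannot turn this back into a branch. */
static size_t index_mask(size_t index, size_t size)
{
    intptr_t inverted = ~(intptr_t)(index | (size - 1 - index));
    return (size_t)(inverted >> (sizeof(intptr_t) * CHAR_BIT - 1));
}

/* Hypothetical typed-array load. The `if` is the ordinary bounds check,
 * which the branch predictor can be trained to skip speculatively. The AND
 * is a data dependency, so the load address depends on the mask even inside
 * the speculation window: an out-of-range index collapses to 0. */
static uint8_t load_masked(const uint8_t *buf, size_t len, size_t i)
{
    if (i >= len)
        return 0;
    i &= index_mask(i, len);
    return buf[i];
}

int main(void)
{
    /* Constructed sample data. */
    const uint8_t buf[8] = {10, 11, 12, 13, 14, 15, 16, 17};
    const size_t probes[] = {0, 3, 7, 8, 1000, SIZE_MAX};

    for (size_t k = 0; k < sizeof probes / sizeof probes[0]; k++) {
        size_t i = probes[k];
        printf("i=%zu mask=%zx masked_index=%zu value=%u\n",
               i, index_mask(i, 8), i & index_mask(i, 8),
               (unsigned)load_masked(buf, 8, i));
    }
    return 0;
}
```

The mask costs a few ALU operations per access, whereas a speculation fence after the bounds check stalls the pipeline on every access.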