I wish it was more in-depth on e.g. repoline seemed to be a 5 second thing mentioned at the start. Does it go into a deep dive if you listen to the whole thing?
Yes, the guys are great, the guests always interesting and is a good way to keep up with C++, even for those of us that spend most of our times in other language eco-systems.
I still haven't seen a realistic exploit that recovers secret data without assistance. Does anybody have a link to anything?
If Specter and Meltdown aren't exploitable through something like JavaScript, my caring goes down to almost zero.
And all native code proofs of concept seem to rely on data being artificiall pushed into L1 cache repeatedly. Without this, I'm not ever sure a native code exploit is really possible.
Yeah, but there are more issues than just layout randomization, such as forcing data into L1 cache. Even the native code exploits run locally have a problem with this.
Thanks. I'll look at the paper though to see if this is still some hypothetical issue or more practical.
All it takes for data to end up in L1 cache is to access it (even only once)
You don't have to access it in a special way to make it end up in L1.
What you have to do for cache side channel attacks is to force data out of the cache, you can tell when the some other data gets in. This can get quite noisy if there is a lot of contention to the same cache lines.
Also remember that the information leak is not in the contents of the cached data, but in the address being cached.
11 comments
[ 4.5 ms ] story [ 38.9 ms ] threadLanguage preferences aside, this is one of the best programming podcasts I have come across.
https://www.youtube.com/watch?v=IPhvL3A-e6E
If Specter and Meltdown aren't exploitable through something like JavaScript, my caring goes down to almost zero.
And all native code proofs of concept seem to rely on data being artificiall pushed into L1 cache repeatedly. Without this, I'm not ever sure a native code exploit is really possible.
Gras, B., Razavi, K., Bosman, E., Bos, H., And Giuffrida, C. ASLR on the Line: Practical Cache Attacks on the MMU. In NDSS (2017)
You might want to check it out. I intended to over the weekend.
Cheers!
Thanks. I'll look at the paper though to see if this is still some hypothetical issue or more practical.