Re: Meltdown and spectre

  • From: Hans Forbrich <fuzzy.graybeard@xxxxxxxxx>
  • To: "Reen, Elizabeth" <elizabeth.reen@xxxxxxxx>, "oracle-l@xxxxxxxxxxxxx" <oracle-l@xxxxxxxxxxxxx>
  • Date: Mon, 8 Jan 2018 09:51:04 -0700

I suspect the OS manufacturers are in a position to do something about the problem.  Most people I know avoid firmware updates like the plague, and I'm not sure that a firmware update is actually going to solve the problem.  Besides, who would need to do it: chip manufacturers, BIOS manufacturers?

Cloud makes it worth exploiting.  But once the exploit is available, it'll likely be rolled out to all platforms with glee. No additional expense involved.

/Hans


On 2018-01-08 9:32 AM, Reen, Elizabeth wrote:


True. I had just read the news accounts so I was wondering why O/S manufacturers were making the patches. Neither side is clean here, but it was not really a problem if you had control of the whole server.  It’s only really become worth exploiting in the cloud.

Liz

Elizabeth Reen
CPB Database GroupManager
718.248.9930 (Office)

Service Now Group: CPB-ORACLE-DB-SUPPORT

From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx] On Behalf Of Hans Forbrich
Sent: Friday, January 05, 2018 6:51 PM
To: oracle-l@xxxxxxxxxxxxx
Subject: Re: Meltdown and spectre

On 2018-01-05 2:33 PM, Reen, Elizabeth (Redacted sender elizabeth.reen for DMARC) wrote:

    I have a background in system engineering.  I don’t get how a chip
    can be exploited.  What code can be hacked there?

For speculative execution, a command is executed that MIGHT be required.  That command might ask to move stuff into some portion of memory, or need a specific page moved in.  If that command is then rolled back, what happens to the memory that it just filled? (Hint: it's still filled in, perhaps with a password.)  Back in the day (early 90s) when this stuff was dreamt up, the idea of flushing that memory on command rollback would not have been a concern - hacking was for fun, not profit, in those days.  It's not actually the code being hacked, as much as a side effect that is not properly handled.

It wasn't just the hardware guys, either.  We s/w devs were pretty sloppy about things like end-of-arrays and random pointers in our code, and few people worried about (or even understood) what happened at the chip level.  (Remember why Java came into being?)

/Hans

