Date: Thu, 11 Jan 2018 19:11:38 +1100
From: Peter Jeremy
To: Sujit K M
Cc: freebsd-security@freebsd.org
Subject: Re: Response to Meltdown and Spectre
Message-ID: <20180111081138.GA10072@server.rulingia.com>
References: <20180108175751.GH9701@gmail.com>

On 2018-Jan-10 16:46:01 +0530, Sujit K M wrote:
> From my understanding what is happening is that an array overflow is happening.
> Can't it be handled more generically.

The array overflow in the example code is solely a convenient mechanism
to make C reference an arbitrary virtual address. An attacker could
import code from another system so it's not possible to mitigate the
vulnerability by (eg) implementing bounds checking in a compiler.

-- 
Peter Jeremy