Date: Thu, 04 Jan 2018 16:01:51 +0100
From: Dag-Erling Smørgrav <des@des.no>
To: Erich Dollansky <freebsd.ed.lists@sumeritec.com>
Cc: "Ronald F. Guilmette" <rfg@tristatelogic.com>, "freebsd-security@freebsd.org" <freebsd-security@freebsd.org>
Subject: Re: Intel hardware bug
Message-ID: <86vaghu0ps.fsf@desk.des.no>
In-Reply-To: <20180104132807.266fe46c.freebsd.ed.lists@sumeritec.com> (Erich Dollansky's message of "Thu, 4 Jan 2018 13:28:07 +0800")
References: <02563ce4-437c-ab96-54bb-a8b591900ba0@FreeBSD.org> <19876.1515025752@segfault.tristatelogic.com> <20180104132807.266fe46c.freebsd.ed.lists@sumeritec.com>

Erich Dollansky <freebsd.ed.lists@sumeritec.com> writes:
> Intel used segments to separate things everybody hated.

Everybody hated segment-level memory protection, but the i386 also
introduced page-level memory protection, which was widely used and has
since been expanded to provide features that were never available at the
segment level.

> Intel introduced later the rings, everybody ignored.

Not at all.  They just don't use all four.  Unless you start looking at
hardware virtualization extensions, which introduce additional
protection levels.

> Instead of keeping the things separated - as suggested by Intel's
> design - people used shortcuts whenever possible.

This is irrelevant.  We are talking about timing-based side-channel
attacks.  The attacker is not able to access protected memory directly,
but is able to deduce its contents by repeatedly performing illegal
memory accesses and then checking how they affect the cache.

DES
-- 
Dag-Erling Smørgrav - des@des.no