lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <1515078515.3864.8.camel@HansenPartnership.com>
Date:   Thu, 04 Jan 2018 07:08:35 -0800
From:   James Bottomley <James.Bottomley@...senPartnership.com>
To:     Cedric Blancher <cedric.blancher@...il.com>,
        Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>
Cc:     platform-driver-x86@...r.kernel.org, x86@...nel.org,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        Borislav Petkov <bp@...e.de>,
        "David S. Miller" <davem@...emloft.net>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Grzegorz Andrejczuk <grzegorz.andrejczuk@...el.com>,
        Haim Cohen <haim.cohen@...el.com>,
        Ingo Molnar <mingo@...nel.org>,
        Janakarajan Natarajan <Janakarajan.Natarajan@....com>,
        Jim Mattson <jmattson@...gle.com>,
        Kan Liang <Kan.liang@...el.com>,
        "Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>,
        Kyle Huey <me@...ehuey.com>, Len Brown <len.brown@...el.com>,
        "open list:DOCUMENTATION" <linux-doc@...r.kernel.org>,
        "open list:FILESYSTEMS (VFS and infrastructure)" 
        <linux-fsdevel@...r.kernel.org>,
        Mauro Carvalho Chehab <mchehab@...nel.org>,
        Paolo Bonzini <pbonzini@...hat.com>,
        Piotr Luc <piotr.luc@...el.com>,
        Radim Krčmář <rkrcmar@...hat.com>,
        Randy Dunlap <rdunlap@...radead.org>,
        Sean Christopherson <sean.j.christopherson@...el.com>,
        Thomas Gleixner <tglx@...utronix.de>,
        Tom Lendacky <thomas.lendacky@....com>,
        Vikas Shivappa <vikas.shivappa@...ux.intel.com>
Subject: Re: [PATCH v6 00/11] Intel SGX Driver

On Thu, 2018-01-04 at 15:17 +0100, Cedric Blancher wrote:
> So how does this protect against the MELTDOWN attack (CVE-2017-5754)
> and the MELTATOMBOMBA4 worm which uses this exploit?

Actually, a data exfiltration attack against SGX, using page tables has
already been documented:

https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/van-bulck

It doesn't exploit speculation as the mechanism for gathering data (it
exploits page faults), but the structure of the side channel attack
used to exfiltrate data from the supposedly secure enclave is very
similar to Spectre.  The targetting mechanism is very different,
though: the page table exploit assumes you can control the page tables,
so you must be highly privileged on the platform but with Spectre you
merely have to be an ordinary user.

James

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ