lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20180107.210447.857032573629357172.davem@davemloft.net>
Date:   Sun, 07 Jan 2018 21:04:47 -0500 (EST)
From:   David Miller <davem@...emloft.net>
To:     tglx@...utronix.de
Cc:     James.Bottomley@...senPartnership.com, w@....eu,
        gnomes@...rguk.ukuu.org.uk, alexei.starovoitov@...il.com,
        torvalds@...ux-foundation.org, dan.j.williams@...el.com,
        linux-kernel@...r.kernel.org, linux-arch@...r.kernel.org,
        ak@...ux.intel.com, arnd@...db.de, gregkh@...uxfoundation.org,
        peterz@...radead.org, netdev@...r.kernel.org, mingo@...hat.com,
        hpa@...or.com
Subject: Re: [PATCH 06/18] x86, barrier: stop speculation for failed
 access_ok

From: Thomas Gleixner <tglx@...utronix.de>
Date: Sun, 7 Jan 2018 19:31:41 +0100 (CET)

> 2) Alexei's analyis is purely based on the public information of the google
>    zero folks. If it would be complete and the only attack vector all fine.
> 
>    If not and I doubt it is, we're going to regret this decision faster
>    than we made it and this is not the kind of play field where we can
>    afford that.

Please state this more clearly.

Do you know about other attack vectors and just are not allowed to
talk about them?

Or is this, ironically, speculation?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ