Question about Spectre

By: anon (anon.delete@this.ymous.org), January 14, 2021 7:38 am
Room: Moderated Discussions
Since many people here are quite well-versed into the kernel, I though I'd ask. The Spectre paper states seems to suggest that the attacker process can leak victim process data through a shared library. I assume this means a crypto shared library used by both (Start of 4. in https://arxiv.org/pdf/1801.01203.pdf).

However, I am not really seeing how this would work. When the attacker process dynamically loads the shared library, none of the data manipulated by the library on behalf of the victim process should be mapped to the attacker VM space, would it ? At worst, the library's globals would be mapped as CoW and those could "leak" (they were always accessible, weren't they ?).

The fact that all manufacturers and the research community are scrambling to plug the hole makes me suspect that I am missing something (although the attack remains perfectly valid if you want to go after the kernel).

Many thanks if you can point to where I started getting it wrong !
 Next Post in Thread >
TopicPosted ByDate
Question about Spectreanon2021/01/14 07:38 AM
  Question about SpectreJon Masters2021/01/14 07:40 AM
    Question about Spectreanon2021/01/14 08:08 AM
Reply to this Topic
Name:
Email:
Topic:
Body: No Text
How do you spell avocado?