|
|
Пишет LWN.net (![[info]](http://lj.rossia.org/img/syndicated.gif){kind=small} syn_lwnheadline)@ 2018-07-10 20:48:00 |
 |
|
 |
|
|
|
|
|
|
 |
|
 |
[$] Spectre V1 defense in GCC
In many ways, Spectre variant 1 (the bounds-check bypass vulnerability) is
the ugliest of the Meltdown/Spectre set, despite being relatively difficult
to exploit. Any given code base could be filled with V1 problems, but they
are difficult to find and defend against. Static analysis can help, but
the available tools are few, mostly proprietary, and prone to false
positives. There is also a lack of efficient, architecture-independent
ways of addressing Spectre V1 in user-space code. As a result, only a
limited effort (at most) to find and fix Spectre V1 vulnerabilities has
been made in most projects. An effort to add some defenses to GCC may help
to make this situation better, but it comes at a cost of its own.
In many ways, Spectre variant 1 (the bounds-check bypass vulnerability) is
the ugliest of the Meltdown/Spectre set, despite being relatively difficult
to exploit. Any given code base could be filled with V1 problems, but they
are difficult to find and defend against. Static analysis can help, but
the available tools are few, mostly proprietary, and prone to false
positives. There is also a lack of efficient, architecture-independent
ways of addressing Spectre V1 in user-space code. As a result, only a
limited effort (at most) to find and fix Spectre V1 vulnerabilities has
been made in most projects. An effort to add some defenses to GCC may help
to make this situation better, but it comes at a cost of its own.
