Re: add Spectre variant 2 mitigations

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On 06/02/18 09:29, Darren Tucker wrote:
Both GCC and clang are adding mitigations for Spectre variant 2 although
neither have yet made a release and neither are on by default.

After trolling through and building release candidate branches for both
I believe this is what is required for the ssh programs

Do we need to do anything?  It's not clear to me how SSH is vulnerable to Spectre -- that is, how SSH can be used to execute a Spectre attack?  Browsers are vulnerable because they can be made to load and run abitrary JS programs.  Although SSH can be used to execute arbitrary programs, they don't run within the SSH processes.  Do we truly need to do anything?

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev




[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux