Re: add Spectre variant 2 mitigations

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 

On 6 February 2018 at 20:09, David Newall <openssh@xxxxxxxxxxxxxxx> wrote:
> Do we need to do anything?  It's not clear to me how SSH is vulnerable to
> Spectre -- that is, how SSH can be used to execute a Spectre attack?

I am more concerned with it being the target of a Spectre style
attack.  There's some long lived private data (host keys in the case
of sshd, session keys in the case of ssh and sshd and user keys in the
case of ssh-agent) and there's some scope to manipulate their
behaviour through external stimuli.

-- 
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860  37F4 9357 ECEF 11EA A6FA (new)
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux