* Darren Tucker:

> On Wed, 26 Sep 2018 at 19:32, Florian Weimer <fweimer@xxxxxxxxxx> wrote:
>> We recently discovered that our OpenSSH distribution binaries contain
>> retpoline thunks. It's due to this
>>
>>     OSSH_CHECK_CFLAG_COMPILE([-mfunction-return=thunk]) # gcc
>>     OSSH_CHECK_CFLAG_COMPILE([-mindirect-branch=thunk]) # gcc
>
> I was the one who added those. It was shortly after the disclosure of
> Spectre, and the concern was that ssh, sshd and particularly ssh-agent
> hold secrets where the disclosure of those across trust boundaries
> would be various levels of bad.
>
> The documentation at the time was pretty sparse and it's not much
> clearer now. What should a userspace program do for Spectre?

Our internal recommendation is: do nothing. Userspace appears unfixable
without hardware support.

You can try processing data from different trust domains in different
processes, then the kernel mitigations should deliver some protection.
Kind of what ssh-agent does, I guess, or privilege separation.

>> There have been other retpoline bugs in GCC which do not affect the
>> kernel (or affect only rarely used kernel features), but are potentially
>> visible in user space, so few distributions will backport those fixes to
>> their distribution compilers.
>
> Can we determine which versions are affected?

I'm afraid not easily. A lot of distribution compilers have seen some
backports for building the kernel, but the amount of fixes beyond the
initial backport is unclear.

> If there's one known to work we can disable the check for versions
> prior to that.

There is no released GCC version with the fix.

Thanks,
Florian