Re: Concerns about enabling retpolines by default

* Darren Tucker:

> On Wed, 26 Sep 2018 at 19:32, Florian Weimer <fweimer@xxxxxxxxxx> wrote:
>> We recently discovered that our OpenSSH distribution binaries contain
>> retpoline thunks.  It's due to this
>>
>>             OSSH_CHECK_CFLAG_COMPILE([-mfunction-return=thunk]) # gcc
>>             OSSH_CHECK_CFLAG_COMPILE([-mindirect-branch=thunk]) # gcc
>
> I was the one who added those.  It was shortly after the disclosure of
> Spectre, and the concern was that ssh, sshd and particularly ssh-agent
> hold secrets where the disclosure of those across trust boundaries
> would be various levels of bad.
> 
> The documentation at the time was pretty sparse and it's not much
> clearer now.  What should a userspace program do for Spectre?

Our internal recommendation is: do nothing.  Userspace appears unfixable
without hardware support.

You can try processing data from different trust domains in different
processes, then the kernel mitigations should deliver some protection.
Kind of what ssh-agent does, I guess, or privilege separation.

>> There have been other retpoline bugs in GCC which do not affect the
>> kernel (or affect only rarely used kernel features), but are potentially
>> visible in user space, so few distributions will backport those fixes to
>> their distribution compilers.
>
> Can we determine which versions are affected?

I'm afraid not easily.  A lot of distribution compilers have seen some
backports for building the kernel, but the amount of fixes beyond the
initial backport is unclear.

> If there's one known to work we can disable the check for versions
> prior to that.

There is no released GCC version with the fix.

Thanks,
Florian
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
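A check a distributor or admin can run on a shipped ssh, sshd or ssh-agent to see whether it carries the retpoline thunks Florian describes. This is an added example, not code from the thread or from OpenSSH; it assumes GNU objdump is on PATH and the binary is x86-64, and the sample disassembly it ships with is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): detect GCC retpoline thunks in a
# binary built with -mindirect-branch=thunk.  The thunk has the shape
#   call 1f ; 2: pause ; lfence ; jmp 2b ; 1: mov %REG,(%rsp) ; ret
# so a "pause" immediately followed by "lfence" is the signature; ordinary
# userspace code practically never pairs them.  Stripped distribution
# binaries carry no __x86_indirect_thunk_* symbols, hence disassembly.
# Assumes GNU objdump on PATH and an x86-64 binary.

# Count pause/lfence pairs in objdump -d output read from stdin.
count_retpoline_thunks() {
    awk '
        /(^|[ \t])lfence([ \t]|$)/ && prev { n++ }
        { prev = ($0 ~ /(^|[ \t])pause([ \t]|$)/) }
        END { print n + 0 }'
}

# Report the thunk count for a binary: exit 0 if retpolines are present,
# 1 if none were found, 2 if the file cannot be disassembled.
scan_binary() {
    bin=$1
    disasm=$(objdump -d "$bin" 2>/dev/null) || return 2
    n=$(printf '%s\n' "$disasm" | count_retpoline_thunks)
    printf '%s: %s retpoline thunk(s)\n' "$bin" "$n"
    [ "$n" -gt 0 ]
}

# Constructed sample in objdump -d layout: one thunk plus unrelated code
# containing a lone lfence, which must not be counted.
SAMPLE_DISASM='0000000000401000 <__x86_indirect_thunk_rax>:
  401000:  e8 07 00 00 00   call   40100c <__x86_indirect_thunk_rax+0xc>
  401005:  f3 90            pause
  401007:  0f ae e8         lfence
  40100a:  eb f9            jmp    401005 <__x86_indirect_thunk_rax+0x5>
  40100c:  48 89 04 24      mov    %rax,(%rsp)
  401010:  c3               ret
0000000000401011 <main>:
  401011:  0f ae e8         lfence
  401014:  31 c0            xor    %eax,%eax
  401016:  c3               ret'

sample_count() {
    printf '%s\n' "$SAMPLE_DISASM" | count_retpoline_thunks
}

if [ "$#" -gt 0 ]; then
    scan_binary "$1"
else
    echo "sample disassembly: $(sample_count) retpoline thunk(s)"
fi
```

Run it as `sh check-retpoline.sh /usr/sbin/sshd`; a count of zero on a binary built from the configure.ac lines quoted above means the compiler check was disabled or the flag was stripped.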