From: Ozgur <okaratas@yandex.com.tr>
To: Theodore Ts'o, Avi Kivity
Cc: Alan Cox, linux-kernel@vger.kernel.org
Subject: Re: Proposal: CAP_PAYLOAD to reduce Meltdown and Spectre mitigation costs
Date: Sun, 07 Jan 2018 15:34:29 +0300
Message-Id: <341211515328469@web54o.yandex.ru>
In-Reply-To: <20180107122918.GE2404@thunk.org>
References: <20180106200232.67387c5a@alans-desktop> <20180107122918.GE2404@thunk.org>

07.01.2018, 15:29, "Theodore Ts'o":
> On Sun, Jan 07, 2018 at 11:16:28AM +0200, Avi Kivity wrote:
>> I think capabilities will work just as well with cgroups. The container
>> manager will set CAP_PAYLOAD to payload containers; and if those run an init
>> system or a container manager themselves, they'll drop CAP_PAYLOAD for all
>> process/sub-containers but their payloads.
>
> The reason why cgroups are better is Spectre can be used to steal
> information from within the same privilege level --- e.g., you could
> use Javascript to steal a user's Coindesk credentials or Lastpass
> data, which is going to be *way* more lucrative than trying to mine
> cryptocurrency in the sly in a user's browser. :-)

I think the web coin mining pages also work with this method; they probably use JS in the background, but currently it is impossible to do kernel-level operations.
All processes start at the browser level, and Spectre cannot read kernel memory, right?

Ozgur

> As a result, you probably want Spectre mitigations to be enabled in a
> root process --- which means capabilities aren't the right answer.
>
> Regards,
>
> - Ted