Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S261402AbVEOBHX (ORCPT ); Sat, 14 May 2005 21:07:23 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S261525AbVEOBHX (ORCPT ); Sat, 14 May 2005 21:07:23 -0400 Received: from 2-1-3-15a.ens.sth.bostream.se ([82.182.31.214]:18328 "EHLO zoo.weinigel.se") by vger.kernel.org with ESMTP id S261402AbVEOBHG (ORCPT ); Sat, 14 May 2005 21:07:06 -0400 To: Andrea Arcangeli Cc: Lee Revell , Dave Jones , Alan Cox , Matt Mackall , Andy Isaacson , Andi Kleen , "Richard F. Rebel" , Gabor MICSKO , Linux Kernel Mailing List , tytso@mit.edu Subject: Re: Hyper-Threading Vulnerability References: <1116009483.4689.803.camel@rebel.corp.whenu.com> <20050513190549.GB47131@muc.de> <20050513212620.GA12522@hexapodia.org> <20050513215905.GY5914@waste.org> <1116024419.20646.41.camel@localhost.localdomain> <1116025212.6380.50.camel@mindpipe> <20050513232708.GC13846@redhat.com> <1116027488.6380.55.camel@mindpipe> <20050513234406.GG13846@redhat.com> <1116056238.7360.9.camel@mindpipe> <20050514153307.GA6695@g5.random> From: Christer Weinigel Organization: Weinigel Ingenjorsbyra AB Date: 15 May 2005 03:07:04 +0200 In-Reply-To: <20050514153307.GA6695@g5.random> Message-ID: User-Agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.3 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1145 Lines: 22 Andrea Arcangeli writes: > Nobody runs openssl -sign thousand of times in a row on a pure idle > system without noticing the 100% load on the other cpu for months Well, actually one does. On a normal https server, each https request results in an operation on the private key. So if the attacker shares the same web server as the victim it's probably rather easy for the attacker to see when the machine is idle and launch an attack giving him thousands of chances to spy on the victim. But I do agree that this probably isn't all that serious, for those who really have secrets to hide, they won't run their https server on a machine shared with anybody else. /Christer -- "Just how much can I get away with and still go to heaven?" Freelance consultant specializing in device driver programming for Linux Christer Weinigel http://www.weinigel.se - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/