Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S261459AbVEPRiW (ORCPT ); Mon, 16 May 2005 13:38:22 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S261230AbVEPRiV (ORCPT ); Mon, 16 May 2005 13:38:21 -0400 Received: from imf19aec.mail.bellsouth.net ([205.152.59.67]:1670 "EHLO imf19aec.mail.bellsouth.net") by vger.kernel.org with ESMTP id S261459AbVEPRhX (ORCPT ); Mon, 16 May 2005 13:37:23 -0400 Date: Mon, 16 May 2005 07:37:16 -0500 From: Tommy Reynolds To: linux-kernel@vger.kernel.org Subject: Re: Hyper-Threading Vulnerability Message-Id: <20050516073716.36c21fa1.Tommy.Reynolds@MegaCoder.com> In-Reply-To: References: <1115963481.1723.3.camel@alderaan.trey.hu> <1116009347.1448.489.camel@localhost.localdomain> <4284F6B5.2080308@coyotegulch.com> X-Mailer: Sylpheed version 1.9.10 (GTK+ 2.6.4; i686-redhat-linux-gnu) X-Face: Nr)Jjr, spake thus: > It does show that if you want to hide key operations, you want to be=20 > careful. I don't think HT is at fault per se. Trivially easy when two processes share the same FS namespace. Consider two files: $ ls -l /tmp/a /tmp/b -rw------ 1 owner owner xxxxx /tmp/a -rw------ 1 owner owner xxxxx /tmp/b One file serves as a clock. Note that the permissions deny all access to everyone except the owner. The owner user then does this, intentionally or unintentionally: for x in 0 0 0 1 0 0 0 0 0 1 do rm -f /tmp/a /tmp/b case "$x" in 0 ) rm -f /tmp/a;; 1 ) touch /tmp/a;; esac touch /tmp/b sleep 2 done And the baddie does this: let n=3D1 let char=3D0 while (($n < 8)) do while [ ! -f /tmp/b ]; do sleep 0.5 done let char=3D((char << 1)) if [ -f /tmp/a ]; do let char=3D((char + 1)) done done printf "The letter was: %c\n" $char This is one of the classic TEMPEST problems that secure systems have long had to deal with. See, at no time did HT ever raise its ugly head ;-) Cheers --Signature=_Mon__16_May_2005_07_37_16_-0500_KlWkvA2U.qbfEzqs Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) iD8DBQFCiJP8/0ydqkQDlQERAuE/AJ9DP7QoMLRq3bfcZx4PLbl61jccZACgxryG KCFHhhWr+EVqaT9Ckn3+L1c= =Uhvo -----END PGP SIGNATURE----- --Signature=_Mon__16_May_2005_07_37_16_-0500_KlWkvA2U.qbfEzqs-- - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/