oss-sec mailing list archives
Re: Meltdown-US / Meltdown 3a Remaining Leakage
From: Michael Schwarz <michael.schwarz () cispa de>
Date: Sun, 8 Oct 2023 08:55:51 +0200
Hi Alexander, On 07.10.23 00:18, Solar Designer wrote:
Yes, that is true. Android, for example, prevents unprivileged access since version 8 to this file to prevent such attacks:In Linux, /proc/interrupts is generally world-readable. So perhaps that's something to fix first, since yes it's known to allow for keystroke timing attacks. Should be fixed in the kernel or/and chmod'ed by the userland. And then:
https://issuetracker.google.com/issues/37140047?pli=1If our proposed mitigation is implemented (e.g., as opt-in using a kernel command-line parameter), the implementation could additionally prevent unprivileged access to /proc/interrupts.
Michael -- Dr. Michael Schwarz Faculty CISPA Helmholtz Center for Information Security Stuhlsatzenhaus 5, Saarland Informatics Campus 66123 Saarbrücken, Germany Mail: michael.schwarz () cispa de Web: https://www.cispa.saarland
Current thread:
- Meltdown-US / Meltdown 3a Remaining Leakage Daniel Weber (Oct 06)
- Re: Meltdown-US / Meltdown 3a Remaining Leakage Solar Designer (Oct 06)
- Re: Meltdown-US / Meltdown 3a Remaining Leakage Michael Schwarz (Oct 08)
- Re: Meltdown-US / Meltdown 3a Remaining Leakage Solar Designer (Oct 06)