Closed
Bug 1428552
Opened 6 years ago
Closed 6 years ago
Speculation about potential spectre/meltdown mitigation workaround
Categories
(Core :: Security, enhancement)
RESOLVED DUPLICATE of bug 1425462
People
(Reporter: TheOne, Unassigned)
Details
(Keywords: sec-other)
An acquaintance of mine posted https://twitter.com/mjmdavis/status/949283457385066496 . I am not too familiar with the details of the attack, so I'll leave it to the Security experts to assess. The code in text-form is:

    function time_thing(thing) {
      var initial_time = performance.now();
      while (performance.now() == initial_time) {}
      var start_time = performance.now();
      thing();
      var end_time = performance.now();
      var end_lag = 0;
      while (performance.now() == end_time) { end_lag += 1; }
      return {'time': end_time - start_time, 'lag': end_lag};
    }
Comment 1•6 years ago
The timer changes we've done and have been working on can be circumvented by... many things. This looks like one of them. We're trying not to encourage people to dig too deeply on this right now, just to buy us more time, but we definitely know the timer changes we've done need a lot more work to make the attacker's job harder. (And just 'harder' - timer changes alone won't be able to mitigate the issue.)
Comment 2•6 years ago
The original speculation was in a public tweet -- should we just unhide this? And probably resolve it one way or another, too (dupe of the fuzzy time master bug?).
Flags: needinfo?(tom)
Updated•6 years ago
Group: core-security → core-security-release
Component: General → Security
Comment 3•6 years ago
Let's leave it hidden for a bit longer; my cavalier comment may induce an acceleration in the research. I'm just working on getting fuzzy time done as soon as I can, 'cause the private research is surely advancing or has advanced.
Status: NEW → RESOLVED
Closed: 6 years ago
Flags: needinfo?(tom)
Resolution: --- → DUPLICATE
Updated•3 years ago
Group: core-security-release