On 1/14/2018 10:17 AM, Derrik Walker v2.0 via vcf-midatlantic wrote:
On 01/14/2018 09:04 AM, John Heritage via vcf-midatlantic wrote:
[...] I hope everyone else has vintage machines available to survive the security apocalypse this year :)
This is funny. But I was wondering about older Sparc and MIPS chips. Like is my O2 safe?
Both Sparc and MIPS are immune to Meltdown. Meltdown leverages out of order execution to give user codes access to the *entirety* of physical by exploiting a particular problem with the way Intel (and only Intel, it seems, not even AMD) handles caching. I think I read somewhere that MIPS in particular is totally immune to this problem in all cases due to the way the architecture handles separating user space from kernel space memory. Spectre may yet be a problem for Sparc and MIPS and any other processors that do speculative execution, but that exploit only gives access to the memory in the user's space, not the entirety of memory. The famous proof of concept right now is JavaScript code run in Firefox that gives access to the user's stored password in the Firefox memory space. In all cases, though, you have to *run rogue code* to have a problem. JavaScript probably isn't a problem for MIPS and Sparc.. ahem.. and consider the effort it would require to create a binary that could exploit the problem *and* get the few people running Sparcs and MIPS to run it all just to access user space memory... I'm not too worried. -Adam