Claire Xen  🏳️‍⚧️ 🏳️‍🌈 🧙🏻‍♀️ BLM  🏴 🚩

okay i actually fucking LOVE this bug so much omg. this is even better than i thought it was. sorry, i apologize, i'm gonna fangirl a little bit here sorry https://twitter.com/argvee/status/948682737057189888 …

As I understand, this is the basic concept for meltdown and spectre but everyone says spectre is harder to exploit and affects all processors, including AMD with no way to patch. Can you explain the difference between meltdown and spectre that explains this tidbit?

i wrote this before the names/distinctions were out, but -- meltdown: using this technique to break VM protection (e.g. steal kernel memory)

spectre: harder to exploit, more general, far harder to mitigate: using this technique to steal data *within* a program, e.g. a website's javascript stealing other data in the browser

the distinction here is that spectre *doesn't violate memory protections* and largely involves abusing existing code paths (ROP-style).

I see. That’s more clear. Thanks! I am still a bit confused why spectre can’t be patched w/out hardware architecture changes while meltdown can. These proposed hardware changes basically mean adding security checks prior to speculation right? So slower speeds vs. previous gen?

meltdown: unmap kernel memory before returning to userspace, thereby making speculation impossible. only possible to begin with on chips that allow speculation across privilege boundaries

spectre: there's no memory protection involved so good fxcking luck