To be clear, I think we *should* do Fission, but we should be honest with ourselves about what the benefits are relative to the work…
Well, Fission was clearly announced as an answer to Spectre and the like.
Replying to @MikeHommey @samth
So was Site Isolation in Chrome. Site Isolation has obvious benefits as a way to mitigate memory safety vulnerabilities between untrusted domains. Its use as a Spectre solution is much less clear to me.
To be clear: if we wanted to fix Spectre in Firefox, we could use hacks to scramble the branch predictor and BTB before executing JS in a different domain than the last one we executed. This would be more effective than Fission/Site Isolation, AFAICT.
I don't see how it would work. Wouldn't that be racy when multiple processes are involved? Imagine context switches between your "scramble" step and the "execute the JS" step.
Yeah, you’re right, it doesn’t work.
Replying to @pcwalton @BRIAN_____ and
Though if you had IBPB, then you could implement that operation by switching over to a new Gecko thread/process that shares all the memory and can’t ptrace. Yeah, it’s a hack, but it’d be a lot less work than Site Isolation.
True, and unfortunate. I’m still sad that Spectre is treated as an “all hands on deck” emergency—one that played a not-insignificant role in killing a browser engine, in fact. It’s very hard to exploit and process isolation doesn’t even fully help today.
Replying to @pcwalton @BRIAN_____ and
I’m ignorant here (as in most things) - what browser engine was killed by Spectre?
EdgeHTML