On Thu, May 10, 2018 at 1:34 AM Martin Vaeth <mar...@mvath.de> wrote:
> As a simple example, assume that you have read a password file
> into a string of your language and now access a single password.
> No matter how you mark the end of the password (fixed-length, \0, \n,
> ...) speculative execution might always access the next password(s)
> unless you prevent it globally. Whether it is exploitable depends
> of course on other things. There is no difference to C.

I'll just reply to this because the rest of the email is just a natural consequence of it.

I will confess up-front I'm not an expert in Spectre, but I don't see how having the next password speculatively read would on its own create a vulnerability. You would also need some kind of indirect memory access based on the speculatively-accessed data to create a timing channel.

And of course it is entirely possible that the loop wouldn't be sequentially reading in data in a way that could cause a bound to be exceeded, and in this situation I don't see why protection would be required. Consider:

for x = 1 to 10 : y=5+3 : next x

This is obviously trivial, but I don't see how executing that loop a few too many times would cause problems, so blocking speculation is just going to hurt performance for no benefit.

I still tend to think that the additional context around these memory accesses that is available in a high-level language could be used by a compiler to determine when protection is required. Certainly a skilled programmer might be able to do an even better job if they were vigilant, but not all programmers are equally skilled...

--
Rich
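The distinction Rich draws above (a speculative over-read on its own versus an over-read followed by a second, data-dependent memory access) is the core of the Spectre variant 1 pattern. The C below is an added example written for this thread, not code from either participant: it models the quoted password-file scenario with a constructed 16-byte buffer, shows the two-access shape that a compiler or programmer would need to flag, and applies the branchless index-clamping technique (modelled on the generic `array_index_mask_nospec()` in the Linux kernel) so that even a mis-speculated path cannot form an out-of-range address. All names, the sample data and the table size are assumptions for the illustration; nothing here measures cache timing.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample "password file": two 8-byte entries, 16 bytes total.
 * Whatever sits after it in memory is what a speculative over-read reaches. */
#define PW_LEN 16
static const uint8_t passwords[PW_LEN] = "hunter2\nletmein\n";

/* Assumed lookup table, one cache-line (64-byte) stride per possible byte
 * value. The second, data-dependent access into this table is what turns a
 * harmless over-read into an observable cache footprint. */
static uint8_t lookup_table[256 * 64];

/* Two-access pattern: bound check, load, then a load whose address depends
 * on the loaded byte. Architecturally safe; speculatively it may run with
 * idx >= PW_LEN before the branch resolves. */
uint8_t victim_unmasked(size_t idx)
{
    if (idx < PW_LEN)
        return lookup_table[passwords[idx] * 64];
    return 0;
}

/* Branchless mask, modelled on the kernel's generic array_index_mask_nospec():
 * all-ones when idx < size, all-zeros otherwise, computed without a branch so
 * the CPU has nothing to mispredict. (size - 1 - idx) goes negative exactly
 * when idx >= size; the OR propagates either sign bit; ~ flips it and the
 * arithmetic right shift smears it across the word. Assumes size_t and long
 * are the same width and that >> on a negative long is arithmetic (gcc/clang). */
size_t index_mask_nospec(size_t idx, size_t size)
{
    return (size_t)(~(long)(idx | (size - 1UL - idx)) >> (sizeof(long) * 8 - 1));
}

/* Clamp an index to the range [0, size): in-range indices pass through,
 * out-of-range (and mis-speculated) indices collapse to 0. */
size_t index_nospec(size_t idx, size_t size)
{
    return idx & index_mask_nospec(idx, size);
}

/* Hardened form: same logic, but the index used for the dependent load is
 * masked after the bound check, so speculation past the branch still only
 * touches passwords[0..PW_LEN-1]. */
uint8_t victim_masked(size_t idx)
{
    if (idx < PW_LEN) {
        idx = index_nospec(idx, PW_LEN);
        return lookup_table[passwords[idx] * 64];
    }
    return 0;
}

int main(void)
{
    size_t probes[] = { 0, 7, 15, 16, 1000, (size_t)-1 };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        size_t idx = probes[i];
        printf("idx=%zu mask=%#zx clamped=%zu\n",
               idx, index_mask_nospec(idx, PW_LEN), index_nospec(idx, PW_LEN));
    }
    return 0;
}
```

The point of the mask is not to stop the over-read at retirement (the `if` already does that) but to make the dependent address computation independent of the branch outcome; that is the property a compiler pass would have to establish before deciding that Rich's trivial counting loop needs no fence while the password lookup does.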