My interpretation is that yes, they identified it as a possibility, but
due to limitations of the Intel platform, there wasn't an obvious,
clean, "correct" way to fix it.
I don't think this is a "primary" exploit, however. You would have to
have a buffer overflow or something in some other app first. Fixing
this, as someone stated, mitigates the consequences of other primary
exploits. But feel free to correct me if I'm wrong (do I really need to
say that? :)
C2
Claire beuserie wrote:
> Hi,
>
> On Wed, Nov 4, 2009 at 12:58 AM, Theo de Raadt <dera...@cvs.openbsd.org> wrote:
>
>> 2) At least three of our developers were aware of this exploitation
>> method going back perhaps two years before the commit, but we
>> gnashed our teeth a lot to try to find other solutions. Clever
>> cpu architectures don't have this issue because the virtual address
>> spaces are separate, so i386/amd64 are the ones with the big impact.
>> We did think long and hard about tlb bashing page 0 every time we
>> switch into the kernel, but it still does not look attractive from
>> a performance standpoint.
>
> I'm confused.
> That came out a bit weird: are you saying you knew about the bug for 2 years
> but did not fix it?
>
> c.b-