On 01/09/2018 12:32 PM, Daniel Walsh wrote:
Or SECCOMP for that matter.  From my limited reading, I have not seen what an application needs to access to trigger this vulnerability.  Is this just using standard SYSCALLS, that we could not block without breaking the applications?

Anyone have thoughts on this?



Neither will provide any protection. Meltdown and Spectre do not require any software vulnerabilities; they exploit the hardware. SELinux or SECCOMP might be able to prevent specific implementations from working (by, for example, denying the ability to run eBPF programs or other interpreters and JIT engines), but cannot help generally.

Jim

Dan






--
James Carter <[email protected]>
National Security Agency
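
The kind of narrow restriction the reply mentions (denying the ability to run eBPF programs) can be expressed as a seccomp filter on the `bpf(2)` syscall. The following is an added example, not part of the original thread; the names `install_bpf_deny_filter`, `bpf_denied_under_filter` and `DENY_ERRNO` are hypothetical, and it assumes Linux on x86-64 or aarch64. It closes only that one avenue and does nothing about the hardware behaviour itself.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <unistd.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>

#if defined(__aarch64__)
#define BUILD_ARCH AUDIT_ARCH_AARCH64
#else
#define BUILD_ARCH AUDIT_ARCH_X86_64  /* assumption: anything else is x86-64 */
#endif
#define DENY_ERRNO ENOTSUP  /* constructed marker, distinct from the kernel's own EPERM */

/* Fail bpf(2) for the caller; allow the rest. Denylist for brevity; real profiles are usually allowlists. */
static int install_bpf_deny_filter(void) {
    struct sock_filter prog[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, BUILD_ARCH, 1, 0),  /* other ABI: fall into kill */
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_bpf, 0, 1),    /* bpf: deny, else skip to allow */
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | DENY_ERRNO),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog fprog = { .len = sizeof(prog) / sizeof(prog[0]), .filter = prog };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;  /* needed when unprivileged */
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog);
}

/* 1: the filter refused bpf(2) in a child process; 0: it did not; -1: setup failed. */
int bpf_denied_under_filter(void) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {  /* filter only the child, never the calling process */
        if (install_bpf_deny_filter() != 0) _exit(2);
        long r = syscall(__NR_bpf, 0, NULL, 0);  /* BPF_MAP_CREATE with no attributes */
        _exit(r == -1 && errno == DENY_ERRNO ? 0 : 1);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status) || WEXITSTATUS(status) == 2) return -1;
    return WEXITSTATUS(status) == 0;
}

int main(void) { return bpf_denied_under_filter() == 1 ? 0 : 1; }
```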
