Taylor R Campbell wrote:
> > Date: Tue, 28 Mar 2017 16:58:58 +0200
> > From: Maxime Villard <m...@m00nbsd.net>
> >
> > Having read several papers on the exploitation of cache latency to defeat
> > aslr (kernel or not), it appears that disabling the rdtsc instruction is a
> > good mitigation on x86. However, some applications can legitimately use it,
> > so I would rather suggest restricting it to root instead.
>
> Put barriers in the way of legitimate applications to thwart
> hypothetical attackers who will... step around them and use another
> time source, of which there are many options in the system? This
> sounds more like cutting off the nose to spite the face than a good
> mitigation against real attacks.
Old thread, but the authors of the Spectre paper did exactly what Taylor said: https://spectreattack.com/spectre.pdf

"JavaScript does not provide access to the rdtscp instruction, and Chrome intentionally degrades the accuracy of its high-resolution timer to dissuade timing attacks using performance.now() [1]. However, the Web Workers feature of HTML5 makes it simple to create a separate thread that repeatedly decrements a value in a shared memory location [18, 32]. This approach yielded a high-resolution timer that provided sufficient resolution."

-- Alex