Re: Hyper-Threading Vulnerability

From: Christer Weinigel
Date: Sat May 14 2005 - 20:09:23 EST

Next message: Tejun Heo: "Re: [PATCH scsi-misc-2.6 04/04] scsi: remove unnecessary scsi_wait_req_end_io()"
Previous message: Gene Heskett: "Re: Y2K-like bug to hit Linux computers! - Info of the day"
In reply to: Andrea Arcangeli: "Re: Hyper-Threading Vulnerability"
Next in thread: Andi Kleen: "Re: Hyper-Threading Vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Andrea Arcangeli <andrea@xxxxxxx> writes:

> Nobody runs openssl -sign thousand of times in a row on a pure idle
> system without noticing the 100% load on the other cpu for months

Well, actually one does. On a normal https server, each https request
results in an operation on the private key. So if the attacker shares
the same web server as the victim it's probably rather easy for the
attacker to see when the machine is idle and launch an attack giving
him thousands of chances to spy on the victim.

But I do agree that this probably isn't all that serious, for those
who really have secrets to hide, they won't run their https server on
a machine shared with anybody else.

/Christer

--
"Just how much can I get away with and still go to heaven?"

Freelance consultant specializing in device driver programming for Linux
Christer Weinigel <christer@xxxxxxxxxxx> http://www.weinigel.se
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Tejun Heo: "Re: [PATCH scsi-misc-2.6 04/04] scsi: remove unnecessary scsi_wait_req_end_io()"
Previous message: Gene Heskett: "Re: Y2K-like bug to hit Linux computers! - Info of the day"
In reply to: Andrea Arcangeli: "Re: Hyper-Threading Vulnerability"
Next in thread: Andi Kleen: "Re: Hyper-Threading Vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]