bitey cat bite bite bite bite
what I understand about spectre:
Branch prediction isnt always right and you can trick the processor into executing a bad branch.
What I dont understand about spectre:
How this can get around privilege constraints like User privilege and read kernel memory and other serious things.
Canageek
@cybermeow From https://twitter.com/gsuberland/status/948907452786933762 So you make two arrays in memory. Now pick memory you aren't allowed to read: if that bit is a one, read what is in array one. If it is a 0, read what is in array two. Now, it will stop you from getting these results, but it will do this before it realizes it. But now it has either a value from array1 or array2 in cache. We are allowed to read those, so get the CPU to do that and see which answer arrives faster. That tells you if the memory you can't read is 0 or 1.
Jonkman Microblog is a social network, courtesy of SOBAC Microcomputer Services. It runs on GNU social, version 1.2.0-beta5, available under the GNU Affero General Public License.
All Jonkman Microblog content and data are available under the Creative Commons Attribution 3.0 license.