Re: [Python-Dev] SEC: Spectre variant 2: GCC: -mindirect-branch=thunk -mindirect-branch-register

Are all current Python builds and C extensions vulnerable to Spectre variants {1, 2, *}?

There are now multiple threads: "SEC: Spectre variant 2: GCC: -mindirect-branch=thunk -mindirect-branch-register"
- https://mail.python.org/mm3/archives/list/distutils-sig@python.org/thread/4B...
- https://mail.python.org/pipermail/python-ideas/2018-September/053473.html
- https://mail.python.org/pipermail/python-dev/2018-September/155199.html

Original thread (that I forwarded to security@): "[Python-ideas] Executable space protection: NX bit,"
https://mail.python.org/pipermail/python-ideas/2018-September/053175.html
~ Do trampolines / nested functions in C extensions switch off the NX bit?
On Sunday, September 16, 2018, Nathaniel Smith <njs@pobox.com> wrote:
Are there different CFLAGS and/or gcc compatibility flags in conda builds of Python and C extensions? Where are those set in conda builds?

What's the best way to set CFLAGS in Python builds and C extensions?

    export CFLAGS="-mindirect-branch=thunk -mindirect-branch-register"
    ./configure
    make

?

Why are we supposed to use an old version of GCC that doesn't have the retpoline patches that only mitigate Spectre variant 2?

"PEP 571 -- The manylinux2010 Platform Tag"
https://www.python.org/dev/peps/pep-0571/

"Tracking issue for manylinux2010 rollout"
https://github.com/pypa/manylinux/issues/179

Are all current Python builds and C extensions vulnerable to Spectre variants {1, 2, *}?

Hi,

Please don't cross-post so heavily. python-dev is sufficient for this.

If you want to push this forward, I suggest you measure performance of Python compiled with and without the Spectre mitigation options, and report the results here. That will help vendors and packagers decide whether they want to pursue the route of enabling those options.

Note there are plenty of data-driven conditional jumps in Python. It will not be easy to determine which ones are vulnerable to exploiting through speculative execution of a mispredicted branch. The bytecode evaluation loop sounds like a potential attack target, but it's also performance-sensitive.

Regards

Antoine.

On Sun, 16 Sep 2018 20:29:06 -0400 Wes Turner <wes.turner@gmail.com> wrote:

participants (2)
- Antoine Pitrou
- Wes Turner