[Python-Dev] SEC: Spectre variant 2: GCC: -mindirect-branch=thunk -mindirect-branch-register

Franklin? Lee leewangzhong+python at gmail.com
Tue Sep 18 00:48:39 EDT 2018

I believe this is the article Wes wanted to link to:

On Mon, Sep 17, 2018 at 6:10 PM Wes Turner <wes.turner at gmail.com> wrote:
> To summarize:
> - CPython may be vulnerable to speculative execution vulnerabilities, but none are known.
> - In general, CPython is currently too slow for speculative execution exploitation to be practical.
>   - Sandboxed, JIT'ed JS is not too slow for speculative execution exploitation to be practical
>     - (Not otherwise discussed here: PyPy's sandboxed JIT may not be too slow for speculative execution exploitation to be practical.)

I'm no security researcher, and I barely remember much about
Spectre/Meltdown, but I think the idea is that, if Python takes about
2 milliseconds to run your code, then a difference of +- 10
microseconds is indistinguishable from noise. Try to write software
that can learn to distinguish two similar computers using the running
time of certain functions.

Javascript can be crafted to get close enough to some C programs.
ASM.js and WebAssembly might help.

PyPy's need for mitigation is independent of CPython's.

> - Because there is no exploit provided (or currently thought possible with just CPython), this security-related dialogue is regarded as a nuisance.

More than that. Steve says that he looked into it and decided there
wasn't really anything to worry about. He believes that any exploit of
it will also imply an easier exploit is possible. He also says that
this particular fix won't really help.

Nathaniel is annoyed because Spectre is tricky to understand, and he
assumes you don't understand it as well as you think because you
haven't shown him that you have the expertise to understand it.

> Here's a good write-up:
> Safety_instructions_for_Meltdown_and_Spectre

But how does that apply to CPython? What specifically about CPython
makes the interpreter vulnerable to the attack? Under what conditions
would CPython be vulnerable to this attack, but not an easier attack
of at least the same severity?

The article I linked at the top of this email does not give advice for
interpreter writers at all. It only says what end users and chip
manufacturers ought to do. It is not relevant.

More information about the Python-Dev mailing list