[Python-Dev] SEC: Spectre variant 2: GCC: -mindirect-branch=thunk -mindirect-branch-register

INADA Naoki songofacandy at gmail.com
Tue Sep 18 02:38:04 EDT 2018


On Tue, Sep 18, 2018 at 7:08 AM Wes Turner <wes.turner at gmail.com> wrote:
>
> To summarize:
>
> - CPython may be vulnerable to speculative execution vulnerabilities, but none are known.
> - In general, CPython is currently too slow for speculative execution exploitation to be practical.
>   - Sandboxed, JIT'ed JS is not too slow for speculative execution exploitation to be practical
>     - (Not otherwise discussed here: PyPy's sandboxed JIT may not be too slow for speculative execution exploitation to be practical.)
>

As far as I know, execution speed is important for the attacker, not the victim.
In the case of JavaScript, a browser may load attacking code and run it while
the user is watching websites.
Browsers provide a sandbox for JS, but attacker code may be able to
bypass the sandbox by Spectre or Meltdown.  So browsers disabled
high-precision timers until OSes are updated.

This topic is totally unrelated to compiler options: these compiler options
don't prohibit running attacking code, they just guard branches from
branch target injection.

Is my understanding correct?  Why should we discuss execution speed?

I think this topic should be split into two topics: (1) Guarding the Python
process from Spectre/Meltdown attacks from other processes, (2) Prohibiting
Python code from attacking other processes by using Spectre/Meltdown.


Regards,
-- 
INADA Naoki  <songofacandy at gmail.com>

