Comment by Aardwolf

8 years ago

Is it a feasible solution to enable hyperthreading only for threads or forks of the same process? Then they can use this ability, but other processes cannot do timing attacks on this process in this core... I think

>Is it a feasible solution to enable hyperthreading only for threads or forks of the same process?

How does that work on Unix systems when processes are all forked from 1 process? Even if you get past that issue, how do you prevent less privileged processes that use other security mechanisms (cgroups, pledge, SELinux, chroot, sandboxing)?

I'm guessing someone at Amazon is looking at this right now.

  • I think EC2 has isolated cores (except t1/t2/t3) all along.

    • Note that the recently announced T3 instances all have an even number of vCPUs; I wonder if it's related to this issue.

You could allow processes that have ptrace rights on each other to run simultaneously which would cover most issues, but you’d still run into trouble with JavaScript engines running untrusted code.