Comment by lgg
2 years ago
Spectre, Meltdown and Rowhammer were all discovered in the same timeframe as the things you listed, and were decidedly more complex than dumb one-liners. Yes, those all have a hardware component (and thus the "fixes" are software workarounds), but the fixes involved way more than one or two lines of work.
The workaround fixes are complex, but the actual issues are very simple, no?
No. Architectural leakage via a side-channel is far from simple. It requires deep understanding of the code (i.e. what it does, why it is doing it that way and the implied effect of executing the code on the architecture) and also of the architecture (i.e. how it is executing and why that causes leakage to be observable via the side-channel).
If anything, these are canonical examples of non-simple bugs.
> It requires deep understanding of the code (i.e. what it does, why it is doing it that way and the implied effect of executing the code on the architecture) and also of the architecture (i.e. how it is executing and why that causes leakage to be observable via the side-channel).
For exploitation, or for patching, maybe. But characterizing these bugs is still clear and simple IMO. I mean, Rowhammer is about as basic as a bug can get - the value of this bit in memory changed even though it was never written to.