[Bug-gnuzilla] Spectre mitigation for IceCat


From: Mark H Weaver
Subject: [Bug-gnuzilla] Spectre mitigation for IceCat
Date: Sat, 06 Jan 2018 22:46:29 -0500

FYI, Mozilla has included two mitigations for Spectre in Firefox 57.0.4.
They are described here:

  https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/
  https://www.mozilla.org/en-US/security/advisories/mfsa2018-01/

The blog post notes that one of the mitigations, disabling
SharedArrayBuffer, is not applicable to Firefox 52 ESR because that
version doesn't support SharedArrayBuffer.

The other mitigation reduces the resolution of performance.now() to 20
microseconds.  This change is included in Firefox 57.0.4, and will
eventually be included in Firefox 52.6 ESR due to be released on Jan 23.

I didn't want to wait that long, so I backported this second mitigation
to GNU IceCat, which was quite easy.  It's now included in the IceCat
package in GNU Guix, along with 100 other fixes cherry-picked from
upstream.  I've attached the patch to this email in case it is of
interest.

I also recommend that you install NoScript and avoid running Javascript
code from the network whenever you can avoid it.  Even with this
mitigation applied, there are probably other ways to exploit these flaws
using Javascript.

     Mark
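
Added here as an illustration, not taken from Mark's message or the Mozilla patch: a JavaScript check that mirrors the patched RoundTime() and estimates the effective granularity of performance.now() from a set of samples, so a user can confirm that the build they run quantises the timer to 20 microseconds (the function names and the constructed sample timestamps are my own assumptions).

```javascript
// Mirror of the patched Performance::RoundTime(): round a timestamp (ms)
// down to the nearest quantum, 20 us after the patch (0.020 ms).
function roundTime(timeMs, maxResolutionMs = 0.020) {
  return Math.floor(timeMs / maxResolutionMs) * maxResolutionMs;
}

// Smallest positive gap between distinct samples; for a densely sampled
// quantised clock this equals the effective resolution.
function estimateQuantumMs(samples) {
  const sorted = [...samples].sort((a, b) => a - b);
  let quantum = Infinity;
  for (let i = 1; i < sorted.length; i++) {
    const gap = sorted[i] - sorted[i - 1];
    if (gap > 1e-9 && gap < quantum) quantum = gap;
  }
  return quantum;
}

// True when every sample sits on a multiple of quantumMs (FP tolerance).
function onGrid(samples, quantumMs, tolMs = 1e-9) {
  return samples.every((t) => {
    const k = t / quantumMs;
    return Math.abs(k - Math.round(k)) * quantumMs < tolMs;
  });
}

// Collect distinct live readings from a timer function in a tight loop.
function sampleTimer(nowFn, count = 5000) {
  const seen = new Set();
  for (let i = 0; i < count; i++) seen.add(nowFn());
  return [...seen];
}

// Verdict: is the timer quantised to at least expectedMs and on that grid?
function timerLooksMitigated(samples, expectedMs = 0.020) {
  return estimateQuantumMs(samples) >= expectedMs - 1e-9 &&
         onGrid(samples, expectedMs);
}

// Stand-alone run (browser console or Node 16+): report the live timer.
// Node's performance.now() is not quantised, so it reports "false" there.
if (globalThis.performance) {
  const live = sampleTimer(() => globalThis.performance.now());
  console.log('estimated performance.now() quantum (ms):', estimateQuantumMs(live));
  console.log('quantised to >= 20us:', timerLooksMitigated(live));
}
```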


Mitigate Spectre by reducing the resolution of performance.now() to 20
microseconds.  Based on:

  https://hg.mozilla.org/releases/mozilla-release/rev/afa87f9be3a8

For more details, see:

  https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/

This patch was modified to apply cleanly to GNU IceCat.


# HG changeset patch
# User Tom Ritter <address@hidden>
# Date 1514660820 21600
# Node ID afa87f9be3a8852da3a30f286b15ae599c7874f6
# Parent  6caa457ebedc915b43dc1d054b8fe22e82ca7447
Bug 1427870 - Change resolution of .now() to 20us. r=bkelly, a=lizzard

The comment about workers was introduced in Bug 1186489 but became obsolete
some time after that (definitely by Bug 1278838).

diff --git a/dom/performance/Performance.cpp b/dom/performance/Performance.cpp
--- a/dom/performance/Performance.cpp
+++ b/dom/performance/Performance.cpp
@@ -234,20 +234,19 @@ Performance::ClearResourceTimings()
 {
   MOZ_ASSERT(NS_IsMainThread());
   mResourceEntries.Clear();
 }
 
 DOMHighResTimeStamp
 Performance::RoundTime(double aTime) const
 {
-  // Round down to the nearest 5us, because if the timer is too accurate people
-  // can do nasty timing attacks with it.  See similar code in the worker
-  // Performance implementation.
-  const double maxResolutionMs = 0.005;
+  // Round down to the nearest 20us, because if the timer is too accurate 
people
+  // can do nasty timing attacks with it.
+  const double maxResolutionMs = 0.020;
   return floor(aTime / maxResolutionMs) * maxResolutionMs;
 }
 
 
 void
 Performance::Mark(const nsAString& aName, ErrorResult& aRv)
 {
   // Don't add the entry if the buffer is full. XXX should be removed by bug 
1159003.
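
Review bot: the new value 0.020 in `const double maxResolutionMs = 0.020;` is a magic number that also has to be kept in sync with the "nearest 20us" wording in the comment above it; consider a named constant or a preference so the resolution can be changed (as it evidently was, from 0.005) without editing two places and rebuilding. Also worth a comment: `floor(aTime / maxResolutionMs) * maxResolutionMs` with the non-representable 0.020 yields values a few ulps off the 20us grid, so callers should not compare returned timestamps for exact equality.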
