https://bugzilla.mindrot.org/show_bug.cgi?id=3656
Damien Miller <djm@mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |djm@mindrot.org
--- Comment #1 from Damien Miller <djm@mindrot.org> ---
This attack was not demonstrated against stock OpenSSH, but instead
against a modified sshd that had extra synchronisation added to make
the attack easier. AFAIK achieving the timing required to successfully
exploit is close to impossible in the real world. See section 9 of
their paper https://arxiv.org/pdf/2309.02545.pdf

They don't mention it, but any kind of ASLR would increase the
difficulty of attack by several orders of magnitude.

Nobody has demonstrated this attack against a configuration remotely
approximating real-world conditions. We consider rowhammer mitigation
to be the job of the platform, not userspace software.
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs