1 |
On Fri, Jan 5, 2018 at 7:34 AM, Walter Dnes <waltdnes@××××××××.org> wrote: |
2 |
> |
3 |
> I wonder if it's possible to compile a web browser with protection |
4 |
> against the exploits, but turn it off for other apps. That would |
5 |
> protect against external attacks, while not hurting local app speed. |
6 |
> |
7 |
|
8 |
There are three exploits, all requiring different solutions. Only |
9 |
exploit 3 has a solution which impacts speed. |
10 |
|
11 |
Trying to fix exploit 3 in the browser seems dubious. You'd need to |
12 |
detect code patterns that could be trying to trigger the exploit |
13 |
before they're run, because the CPU itself isn't going to provide any |
14 |
protection here. Exploit 3 is the only exploit that doesn't require |
15 |
some kind of underlying vulnerability in a piece of software that is |
16 |
being attacked (in addition to the CPU vulnerability). |
17 |
|
18 |
Exploits 1/2 do require fixes in the browser already, but those don't |
19 |
significantly impact performance. Those fixes are also still being |
20 |
worked on. |
21 |
|
22 |
-- |
23 |
Rich |