I'm not sure if this is the right place to ask this question, but here I go.
Are there any mitigations in Ruby for the Spectre security vulnerability? Maybe in the interpreter itself or a function which is similar to the lfence-instruction.
If there isn't, are there any mitigations planned?
I'm not sure if this is the right place to ask this question, but here I
go.
ruby-core might be a better place as core developers are there.
Are there any mitigations in Ruby for the Spectre security
vulnerability? Maybe in the interpreter itself or a function which is
similar to the lfence-instruction.
If there isn't, are there any mitigations planned?
As far as I understand Intel has applied fixes in hardware and firmware
already. So I am not aware of what is missing as of today.
The interpreter (more precisely the classic MRI) is mostly (completely?)
written in C so it would depend on compiler flags and platform whether a
particular Ruby interpreter binary contains mitigation or not.
The JIT is still experimental in 2.7.0 which is the default for Ubuntu
20.04. That might be another area to look for. I did a quick case
insensitive search for "spectre" in the current source code and did not
find a single hit.
Cheers
robert
···
On Fri, Nov 13, 2020 at 3:58 PM Amel <amel.smajic@student.tugraz.at> wrote:
the right place to ask is in an hw/os group.
intel & cpus et al have no fix for this yet, not next year, not in the next
5 yrs.
best regards
--botp
···
On Fri, Nov 13, 2020 at 10:58 PM Amel <amel.smajic@student.tugraz.at> wrote:
I'm not sure if this is the right place to ask this question, but here I
go.
Are there any mitigations in Ruby for the Spectre security
vulnerability? Maybe in the interpreter itself or a function which is
similar to the lfence-instruction.
If there isn't, are there any mitigations planned?