Subject: Re: [boost] Enabling spectre mitigation in boost libraries
From: Rainer Deyke (rainerd_at_[hidden])
Date: 2019-04-07 13:57:25

On 07.04.19 13:34, degski via Boost wrote:
> On Sun, 7 Apr 2019 at 11:03, Rainer Deyke via Boost <boost_at_[hidden]>
> wrote:
>
>> I would go even further than that. If Microsoft, as an organization,
>> feels that libraries should be compiled with spectre mitigation by
>> default, then it's up to the MSVC team to actually make that the
>> default, without requiring extra command line arguments. Asking every
>> user of MSVC to modify their build scripts in order to turn on spectre
>> mitigation doesn't scale very well when there are millions of such users.
>
> Hola, wait a sec here, most software doesn't need this mitigation. This
> mostly relates to browsers from what I understand
> <https://en.wikipedia.org/w/index.php?title=Spectre_(security_vulnerability)&action=edit&section=3>
> or local machines that are compromised [but hey, then there are simpler
> methods of getting your data].

On one hand, yes, most software doesn't need this mitigation. On the
other hand, this must be weighted by the relative cost of unnecessarily
compiling with spectre mitigation versus the cost of failing to compile
with spectre mitigation where it really matters. The former costs CPU
cycles, the latter can cost lives.

As a general rule, I tend to favor a safe-by-default approach (with the
option to turn the safeties off if you know what you're doing). But I'm
not a security expert, and I have no idea if this is the right approach
for this particular case.

-- 
Rainer Deyke (rainerd_at_[hidden])