[PATCH gnupg] Disable CPU speculation-related misfeatures
Guido Trentalancia
guido at trentalancia.com
Mon May 26 21:28:31 CEST 2025
The reason why I believe that a test for the autoconf-generated
"configure" script is not necessary is that the prctl() system call has
been introduced as early as in Linux kernel 2.1.57: I suppose this is
already checked pretty well by the #ifdef __linux__ statement.
As already stated, whether the prctl() system call is actually able to
configure the CPU speculative-execution features is determined at
compile-time by the remaining #ifdef statements of the proposed patch.
On Mon, 26/05/2025 at 16.46 +0200, Werner Koch wrote:
> Hi!
>
> On Mon, 26 May 2025 14:00, Guido Trentalancia said:
> > Disable CPU speculation-related misfeatures which are in
> > fact vulnerabilities causing data leaks:
>
> If that is a misfeature it needs to be fixed at the pläce where it
> was
> introduced and not just in a single binary. If this code is really
> needed it would first of all be useful in Libgcrypt only then then
> you
> should put it into gnupg/common/init.c:early_system_init.
>
> Specific Linux code is in general not a good idea, if that is
> required,
> please write a proper configure test for this feature and use a
> dedicated macro. A more detailed explanation of the pro and cons
> would
> also be appreciated.
>
>
>
> Shalom-Salam,
>
> Werner
>
More information about the Gnupg-devel
mailing list