What would happen if we adopted: https://make-linux-fast-again.com/
Assume the system is used for development and general browsing.
Are there any cases of these vulnerabilities being exploited in the wild, (especially by websites)?
Asked
Active
Viewed 312 times
6
-
I'm not an expert in this area, but both vulnerabilities can be exploited with javascript. The [Spectre paper](https://spectreattack.com/spectre.pdf) even described attacks using JavaScript I'm unsure if browsers have deployed safeguards to avoid this, but I would be surprised as the issue happens at the kernel level. – Augusto May 27 '19 at 14:10
-
That question is very broad - and will be heavily influenced by your [threat model]( https://en.wikipedia.org/wiki/Threat_model). Still, as long as my daily work does not get slowed down significantly, I would not disable security mitigations just buecause i can. – mhr May 28 '19 at 05:33
1 Answers
5
Simply put: You would undo a lot of mitigations.
Whenever a vulnerability like Spectre or Meltdown comes along, people run to see who should deploy the patch. Browser vendors (quite rightfully so), claim that fixing CPU bugs is not something they are responsible for. It would make sense to patch it on an OS level, as that would mean not every application would have to take care of it themselves.
As a result, if you would disable all these mitigations, you become potentially vulnerable to those attacks.
How unsafe would this make you?
Depending on your desired level of paranoia, ranging from "Not at all" to "They've probably overtaken my CPU already". To answer more seriously, it is entirely possible to exploit this using JavaScript. It is difficult to say if this has been exploited in the wild, and if so, if it was successful. I personally would say it's not on the top of my threat list, but I also would not want to intentionally disable security features.
So the answer is basically the same as with disabling any other security features: Proceed at your own risk.