[stunnel-users] [PATCH] Spectre v2 Vulnerability Mitigations

• Previous message (by thread): [stunnel-users] Stunnel in server mode with certificate from the Windows Certificate Store
• Next message (by thread): [stunnel-users] basic usage question
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello

To prevent any leakage (Spectre v2) from a compromised VM on same physical
host, this patch would mitigate the impact.

--- configure.ac.orig    2018-03-04 01:46:55.877067173 +0400
+++ configure.ac    2018-03-04 01:49:26.422625147 +0400
@@ -101,6 +101,11 @@ if test "$GCC" = yes; then
 fi
 AX_APPEND_COMPILE_FLAGS([-D_FORTIFY_SOURCE=2])

+# Spectre v2 mitigations
+AX_APPEND_COMPILE_FLAGS([-mfunction-return=thunk])
+AX_APPEND_COMPILE_FLAGS([-mindirect-branch=thunk])
+
 AC_MSG_NOTICE([**************************************** libtool])
 LT_INIT([disable-static])
 AC_SUBST([LIBTOOL_DEPS])

Kind regards,

Nitin J Mutkawoa
https://tunnelix.com
https://hackers.mu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20180308/e9004904/attachment.html>

• Previous message (by thread): [stunnel-users] Stunnel in server mode with certificate from the Windows Certificate Store
• Next message (by thread): [stunnel-users] basic usage question
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]