[stunnel-users] [PATCH] Spectre v2 Vulnerability Mitigations

Nitin Mutkawoa jmutkawoa at hackers.mu
Wed Mar 7 21:25:55 CET 2018


Hello

To prevent any leakage (Spectre v2) from a compromised VM on same physical
host, this patch would mitigate the impact.

--- configure.ac.orig    2018-03-04 01:46:55.877067173 +0400
+++ configure.ac    2018-03-04 01:49:26.422625147 +0400
@@ -101,6 +101,11 @@ if test "$GCC" = yes; then
 fi
 AX_APPEND_COMPILE_FLAGS([-D_FORTIFY_SOURCE=2])

+# Spectre v2 mitigations
+AX_APPEND_COMPILE_FLAGS([-mfunction-return=thunk])
+AX_APPEND_COMPILE_FLAGS([-mindirect-branch=thunk])
+
 AC_MSG_NOTICE([**************************************** libtool])
 LT_INIT([disable-static])
 AC_SUBST([LIBTOOL_DEPS])

Kind regards,

Nitin J Mutkawoa
https://tunnelix.com
https://hackers.mu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20180308/e9004904/attachment.html>


More information about the stunnel-users mailing list