Share your thoughts in the 2021 Clojure Community Survey!

Welcome! Please see the About page for a little more info on how this works.

0 votes
in Compiler by

I was looking up everywhere and could not find any mitigations for Spectre attack by the Clojure compiler! I don't know if my question is correct or how feasible it is, but do you guys know if there are any mitigations for different variants of Spectre attacks Specter v1 (Spectre-PHT), v2 (Spectre-BTB), v4 (Spectre-STL) and v5 (Spectre-RSB) at the compiler level for Clojure?
Looking forward to hearing from you guys ;)

2 Answers

+1 vote
by

I'm not an expert, but seems like the compiler is a wrong place to fix such a vulnerability. Some details: https://mail.openjdk.java.net/pipermail/vuln-announce/2019-July/000002.html

0 votes
by

Clojure really depends on the JVM for this kind of thing and as mentioned in the other answer, the JVM team has decided this is not something they can address.

This was explored in http://openjdk.java.net/jeps/342.

by
True, but isn't that only from the OpenJDK team? Is it the same other JDKs like Oracle's?
by
I would consider it up to the developer to pick a JDK that is secure -- and keep it updated as new patches come out.
...