> But, are the GCC patches being discussed also expected to fix the > vulnerability because user binaries will be compiled using them? In
If you have a system with just a few user binaries where you are concerned about such a thing you might go that way. > such case, a binary could be maliciously changed back, or a custom GCC > made with the patches reverted. If I can change your gcc or your binary then instead of removing the speculation protection I can make it encrypt all your files instead. Much simpler. At the point I can do this you already lost. Alan
