Friday, January 05, 2018

Re: Kernel memory leaking on Intel CPUs?

Also I don't believe any of these mechanisms are able to protect against
Meltdown or Spectre. I think *BSD is no more immune than any other
system, without performing the same separation between user and kernel
memory.

On 1/5/2018 7:27 AM, Riccardo Giuntoli wrote:
> But this is only for FreeBSD sure?
>
> On Fri, Jan 5, 2018 at 2:02 AM, torsten <torsten@cnc-london.net> wrote:
>
>> Ps
>> security.bsd.see_other_uids=0
>> security.bsd.see_other_gids=0
>> security.bsd.unprivileged_read_msgbuf=0
>> security.bsd.unprivileged_proc_debug=0
>> kern.randompid=$(jot -r 1 9999)
>> security.bsd.stack_guard_page=1
>>
>>
>>> -----Original Message-----
>>> From: owner-misc@openbsd.org [mailto:owner-misc@openbsd.org] On Behalf
>>> Of torsten
>>> Sent: 05 January 2018 00:59
>>> To: 'Rupert Gallagher'; 'Daniel Wilkins'; 'Allan Streib'
>>> Cc: 'Alceu R. de Freitas Jr.'; misc@openbsd.org
>>> Subject: Re: Kernel memory leaking on Intel CPUs?
>>>
>>> I wonder how it is in reality for most *BSD users due to 1. hide
>>> processes run by other users 2. disable reading kernel messaging
>>> buffers...
>>> 3. disable kernel messaging debugging by unprivileged users
>>>
>>> And some other tweaks
>>>
>>> What surprises me is the "panic" publication of this because of already
>>> known and in *BSDs addressed concerns about hyper-threading and
>>> shared memory well back since 1994
>>>
>>>
>>>> -----Original Message-----
>>>> From: owner-misc@openbsd.org [mailto:owner-misc@openbsd.org] On
>>> Behalf
>>>> Of Rupert Gallagher
>>>> Sent: 04 January 2018 22:22
>>>> To: Daniel Wilkins; Allan Streib
>>>> Cc: Alceu R. de Freitas Jr.; misc@openbsd.org
>>>> Subject: Re: Kernel memory leaking on Intel CPUs?
>>>>
>>>> https://mobile.twitter.com/misc0110/status/948706387491786752
>>>>
>>>> On Thu, Jan 4, 2018 at 16:49, Daniel Wilkins <tekk@parlementum.net>
>>>> wrote:
>>>>
>>>>> Intel's said that it affects every processor in the last 20+ years
>>>>> and that it's "not a big deal for most users" because it's only a
>>>>> kernel memory *read*.
>>
>>
>>
>
>

--
Graham Allan
Minnesota Supercomputing Institute - gta@umn.edu
