This is fun: “It is understood the bug is present in modern Intel processors produced in the past decade. It allows normal user programs – from database applications to JavaScript in web browsers – to discern to some extent the layout or contents of protected kernel memory areas.” And the fix could carry a performance hit of 5-30%. _______________________________________________ Chugalug mailing list [hidden email] http://chugalug.org/cgi-bin/mailman/listinfo/chugalug |
And AMD bypasses it by simply turning off a feature that is not normally enabled anyways. "AMD processors are not subject to the types of attacks that the kernel page table isolation feature protects against. The AMD microarchitecture does not allow memory references, including speculative references, that access higher privileged data when running in a lesser privileged mode when that access would result in a page fault. Disable page table isolation by default on AMD processors by not setting the X86_BUG_CPU_INSECURE feature, which controls whether X86_FEATURE_PTI is set." https://twitter.com/brainsmoke/status/948561799875502080 https://nixcraft.tumblr.com/post/169209890277/the-mysterious-case-of-the-linux-page-table On Wed, Jan 3, 2018 at 11:46 AM, Keith <[hidden email]> wrote:
_______________________________________________ Chugalug mailing list [hidden email] http://chugalug.org/cgi-bin/mailman/listinfo/chugalug |
In reply to this post by Keith
This is exactly why I keep my important financial records on my Z80-based Osborne 1
From: Chugalug <[hidden email]> on behalf of Keith <[hidden email]>
Sent: Wednesday, January 3, 2018 11:46 AM To: Chattanooga Unix Gnu Android Linux Users Group Subject: [Chugalug] Another Critical Intel Issue This is fun:
“It is understood the bug is present in modern Intel processors produced in the past decade. It allows normal
user programs – from database applications to JavaScript in web browsers – to discern to some extent the layout or contents of protected kernel memory areas.”
And the fix could carry a performance hit of 5-30%.
_______________________________________________ Chugalug mailing list [hidden email] http://chugalug.org/cgi-bin/mailman/listinfo/chugalug |
Be careful as you patch your OS - I've had trouble with Linode's and Digital Ocean's patches this morning. In the case of a CentOS 6 server on Digital Ocean, I've reverted to re-launching the server and restoring from backups. On Thu, Jan 4, 2018 at 9:47 AM, Ed King <[hidden email]> wrote:
David White _______________________________________________ Chugalug mailing list [hidden email] http://chugalug.org/cgi-bin/mailman/listinfo/chugalug |
Free forum by Nabble | Edit this page |