> ----------------------------------------------------------------------
>
> Message: 1
> Date: Thu, 11 Jul 2019 14:16:17 +0200
> From: peter.blok at bsd4all.org
> To: Kevin <labadore at protonmail.ch>, freebsd-security at freebsd.org
> Subject: Re: FreeBSD MDS Mitigation
> Message-ID: <DDBA787F-4238-4C9B-A960-A2C82D25F7EE at bsd4all.org>
> Content-Type: text/plain; charset=utf-8
>
> I'm sorry but if you really care about security you have to read the
> advisory and stop assuming things.
>
> For every complaint why this is disabled by default, there will be 10
> complaints why it was enabled by default and broke things.
>
> Having said this, I could see the benefit of reporting the fact that a
> certain security measure is disabled in the daily security reports, hoping
> someone reads it together with the executables that suddenly have been
> setuid for root.
>
> Peter
>
> > On 10 Jul 2019, at 18:37, Kevin via freebsd-security <freebsd-security at freebsd.org> wrote:
> >
> > Hello list. I am reading this page about FreeBSD security
> > [ https://vez.mrsk.me/freebsd-defaults.html ] and it says the Intel MDS
> > mitigation is off by default. So I tried.
> >
> > % sysctl hw.mds_disable_state
> > hw.mds_disable_state: inactive
> >
> > Now I see the instructions in the advisory, but what about anyone who
> > didn't? Or who did a new install and didn't read past advisories?
> >
> > I have an Intel CPU that is vulnerable. By applying the update and
> > installing the microcode package, I thought I was safe.
> >
> > Why? Why does FreeBSD let its users be vulnerable?
> > _______________________________________________

For this specific issue (Intel MDS) there are significant performance issues on older (not 8th or 9th gen) Intel processors. Also, outside of a hosting environment, exploitation and threat/risk are lower. FreeBSD uses the principle of least astonishment; a significant perf drop for systems that are not high risk would have violated this.

For people tracking the HyperThreading issue, turning off HyperThreading in the hardware was suggested last year.

Walter

--
The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well-meaning but without understanding.
-- Justice Louis D. Brandeis
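Peter's suggestion in the quoted message, that the daily security report should flag a disabled mitigation, could be implemented as a small check like the one below. This is an added example, not part of the thread and not one of FreeBSD's own periodic scripts; the function name `mds_report` is hypothetical, the sample lines are constructed, and treating any value other than `inactive` (for instance `VERW`) as "active" is an assumption.

```shell
#!/bin/sh
# Added example: periodic(8)-style check of the MDS mitigation state.
# The sysctl output is passed in as text so the logic can be exercised
# offline. Return codes follow the periodic.conf(5) convention:
#   0 = nothing notable, 1 = notable information, 2 = warning.

mds_report() {
    # $1: text as printed by `sysctl hw.mds_disable_state` (may be empty
    #     when the OID does not exist on this kernel or CPU).
    state=$(printf '%s\n' "$1" |
        sed -n 's/^hw\.mds_disable_state:[[:space:]]*//p' | head -n 1)

    case "$state" in
        "")
            # OID missing: report it, but do not claim a vulnerability.
            echo "MDS mitigation: hw.mds_disable_state not found"
            return 1
            ;;
        inactive)
            # The state shown in the thread: mitigation is not applied.
            echo "MDS mitigation: INACTIVE (hw.mds_disable_state: inactive)"
            echo "  see the security advisory for how to enable it"
            return 2
            ;;
        *)
            # Assumption: any other reported state means a mitigation
            # method has been selected and is in effect.
            echo "MDS mitigation: active ($state)"
            return 0
            ;;
    esac
}

# Constructed sample inputs (the first matches the output in the thread).
SAMPLE_INACTIVE='hw.mds_disable_state: inactive'
SAMPLE_ACTIVE='hw.mds_disable_state: VERW'

# Live use on a FreeBSD host would be:
#   mds_report "$(sysctl hw.mds_disable_state 2>/dev/null)"
```
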