-------- In message <alpine.BSF.2.00.1503092248580.38285 at woozle.rinet.ru>, Dmitry Morozo vsky writes:>Dear colleagues, > >any thoughts we're vulnerable to this?It's a hardware problem, *everybody* are vulnerable. -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk at FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence.
On 3/9/2015 14:52, Poul-Henning Kamp wrote:> -------- > In message <alpine.BSF.2.00.1503092248580.38285 at woozle.rinet.ru>, Dmitry Morozo > vsky writes: >> Dear colleagues, >> >> any thoughts we're vulnerable to this? > It's a hardware problem, *everybody* are vulnerable. >And.... this is why (among other reasons) you run ECC memory! Note that privilege escalation is not your only problem; corruption of data headed to the disk, specifically with filesystems like ZFS, in many ways can be worse because that can result in corruption that the system CANNOT detect. -- Karl Denninger karl at denninger.net <mailto:karl at denninger.net> /The Market Ticker/ -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2711 bytes Desc: S/MIME Cryptographic Signature URL: <http://lists.freebsd.org/pipermail/freebsd-security/attachments/20150309/2ec9b8e9/attachment.bin>
On Mon, 9 Mar 2015, Poul-Henning Kamp wrote:> >any thoughts we're vulnerable to this? > > It's a hardware problem, *everybody* are vulnerable.Well, it seems I used somewhat incorrect wordings. Any chance we could provide workaround like for Pentium f00f bug? Actually I doubt it as cache flush commands do not seem to be avoidable -- but I would like to hear from real security experts.... -- Sincerely, D.Marck [DM5020, MCK-RIPE, DM3-RIPN] [ FreeBSD committer: marck at FreeBSD.org ] ------------------------------------------------------------------------ *** Dmitry Morozovsky --- D.Marck --- Wild Woozle --- marck at rinet.ru *** ------------------------------------------------------------------------
On Mon, 09 Mar 2015 19:52:04 -0000 "Poul-Henning Kamp" <phk at phk.freebsd.dk> wrote:> -------- > In message <alpine.BSF.2.00.1503092248580.38285 at woozle.rinet.ru>, Dmitry Moro > zo > vsky writes: > >Dear colleagues, > > > >any thoughts we're vulnerable to this? > > It's a hardware problem, *everybody* are vulnerable.I guess manufacturer memory testing hasn't kept up to deal with shrinking geometries.... Hopefully ECC memory protects against such exploits (at least makes them a lot less vulnerable).