search for: craftily

On Mon, Apr 27, 2020 at 10:37:41AM -0700, Andy Lutomirski wrote: > I have a somewhat serious question: should we use IST for #VC at all? > As I understand it, Rome and Naples make it mandatory for hypervisors > to intercept #DB, which means that, due to the MOV SS mess, it's sort > of mandatory to use IST for #VC. But Milan fixes the #DB issue, so, > if we're running under

On Tue, Jun 23, 2020 at 01:07:06PM +0200, Peter Zijlstra wrote: > On Tue, Apr 28, 2020 at 09:55:12AM +0200, Joerg Roedel wrote: > So what happens if this #VC triggers on the first access to the #VC > stack, because the malicious host has craftily mucked with only the #VC > IST stack page? > > Or on the NMI IST stack, then we get #VC in NMI before the NMI can fix > you up. > > AFAICT all of that is non-recoverable. I am not 100% sure, but I think if the #VC stack page is not validated, the #VC should be promoted to a #DF...

...fy the guest. And as this > can happen anywhere, for example on a carefully crafted stack page set > by userspace before doing SYSCALL, the only robust choice for #VC is to > use IST. So what happens if this #VC triggers on the first access to the #VC stack, because the malicious host has craftily mucked with only the #VC IST stack page? Or on the NMI IST stack, then we get #VC in NMI before the NMI can fix you up. AFAICT all of that is non-recoverable.

Hi, We hava a bunch of machines that needs to have the ability to look up users and groups (like with libnss_winbind) but we need to have the Kerberos and PAM stuff. We really don't want to join them to the AD. Are there any way to use one server as a proxy for name and group lookups? [dumb-node] --> [master-node-with-winbind] --> [AD] Best regards Emil Assarsson Sony Ericsson

.../06/2020 12:30, Joerg Roedel wrote: > On Tue, Jun 23, 2020 at 01:07:06PM +0200, Peter Zijlstra wrote: >> On Tue, Apr 28, 2020 at 09:55:12AM +0200, Joerg Roedel wrote: >> So what happens if this #VC triggers on the first access to the #VC >> stack, because the malicious host has craftily mucked with only the #VC >> IST stack page? >> >> Or on the NMI IST stack, then we get #VC in NMI before the NMI can fix >> you up. >> >> AFAICT all of that is non-recoverable. > I am not 100% sure, but I think if the #VC stack page is not validated, > the...

Hi, I''m working on a method to manage packages which require a reboot after being installed. I''m curious how other people are handling this problem. Consider the resource: pkg_deploy { "MacOSXUpdCombo10.4.9Intel.dmg": alias => macosx1049 } I''d like to only install the package under if the following conditions are met: - No user is logged into the

...gn-a message from the Matrix itself answering the question that drives it's name? ?are I x?? The end of the Matrix, of this message delivered through a hidden influence coincides with it's story of Exodus, of being led from slavery to a place where we see that the Holy Coda of the Matrix is craftily encoded in each and every word-unsealed the letter emag reveals the ?are I Bianca? <http://isiti.gq/lists/lt.php?id=YUgDCQFUGAFSXB1QWlQKVF0F> ? of Eden's apple and rib, and the ?are I the hidden n? of Newton, NORAD and my last name's key to the beginning and the end of The Name ? the...