search for: mitigating

I'm also a bit unclear on that point. I think one input here has to be: what are some example, existing codebases we want to mitigate, and what should the user experience be to mitigate them? I don't think we can make good engineering tradeoffs without having concrete use cases to evaluate. Another point: it seems some mitigation options have already been added to the GNU toolchain

Hi everyone! I want to clarify the purpose and design of SESES. Thus far, I've characterized it as an LVI mitigation which is somewhat incorrect. SESES was built as a "big hammer." It is intended to protect against many side channel vulnerabilities (Spectre v1, Spectre v4, LVI, etc, etc) even though it was built in response to LVI. For folks protecting against LVI, this is an

Hi, A new speculative cache side-channel vulnerability has been published at https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/downloads/straight-line-speculation, named "straight-line speculation”, CVE-2020-13844. In this email, I'd like to explain the toolchain mitigation we've prepared to mitigate against this vulnerability for AArch64.

Hi everyone, Some Intel processors have a newly disclosed vulnerability named Load Value Injection. One pager on Load Value Injection: https://software.intel.com/security-software-guidance/software-guidance/load-value-injection Deep dive on Load Value Injection: https://software.intel.com/security-software-guidance/insights/deep-dive-load-value-injection I wrote this compiler pass that can

Hi folks, Firstly; apologies in advance for what is a head wrecker of keeping on top of the speculative mitigations and also if this is a duplicate email; my first copy didn't seem to make it into the archive. Also a disclaimer that I may have misunderstood elements of the below but please bear with me. I write this hoping to find out a bit more about the state of the relevant kernel

Hi all! I'm running an up-to-date Centos-7 on an AMD Vishera 6300, 6 core CPU. I note that when I run the redhat script to test for spectre & meltdown I get this result for variant 2: Variant #2 (Spectre): Vulnerable CVE-2017-5715 - speculative execution branch target injection - Kernel with mitigation patches: OK - HW support / updated microcode: NO - IBRS: Not disabled on

On 6 February 2018 at 20:09, David Newall <openssh at davidnewall.com> wrote: > Do we need to do anything? It's not clear to me how SSH is vulnerable to > Spectre -- that is, how SSH can be used to execute a Spectre attack? I am more concerned with it being the target of a Spectre style attack. There's some long lived private data (host keys in the case of sshd, session keys

...o note that I’ve just posted another component for Spectre mitigation (variant 1), see https://reviews.llvm.org/D41760 and https://reviews.llvm.org/D41761. I believe this is completely complementary to the retpoline mitigation you pointed to at https://reviews.llvm.org/D41723#, which is targeted at mitigating variant 2. Thanks, Kristof On 4 Jan 2018, at 11:23, Chandler Carruth via llvm-dev <llvm-dev at lists.llvm.org<mailto:llvm-dev at lists.llvm.org>> wrote: Sending a note here as this seems likely to be of relatively broad interest. Thread: http://lists.llvm.org/pipermail/llvm-commits...

...predicted: ``` callq other_function return_addr: testq -8(%rsp), return_addr # Validate return address. cmovneq %r8, %rax # Update predicate state. ``` For an ABI without a "red zone" (and thus unable to read the return address from the stack), mitigating returns face similar problems to calls below. Indirect calls (and returns in the absence of a red zone ABI) pose the most significant challenge to propagate. The simplest technique would be to define a new ABI such that the intended call target is passed into the called function and checked in the...

...ted another component for Spectre > mitigation (variant 1), see https://reviews.llvm.org/D41760 and > https://reviews.llvm.org/D41761. > I believe this is completely complementary to the retpoline mitigation you > pointed to at https://reviews.llvm.org/D41723#, which is targeted at > mitigating variant 2. > > Thanks, > > Kristof > > On 4 Jan 2018, at 11:23, Chandler Carruth via llvm-dev < > llvm-dev at lists.llvm.org> wrote: > > Sending a note here as this seems likely to be of relatively broad > interest. > > Thread: > > http://lists.llvm.o...

FYI to all: I've updated the design document to include the newly disclosed variants 1.1 and 1.2 (collectively called Bounds Check Bypass Store or BCBS). There is no change to the proposed implementation which can already robustly mitigate these variants. I've also updated my patch as we have very significant interest in getting at least an early "beta" version of this into the

Hi all, I saw the retpoline mitigation landed in r323155. Are we ready to merge this to 6.0, or are there any open issues that we're waiting for? Also, were there any followups I should know about? Also, release notes please :-) Thanks, Hans -------------- next part -------------- An HTML attachment was scrubbed... URL:

Hi Chandler, Thank you very much for sharing this! The RFC is pretty lengthy but the far majority of it makes sense to me. I’m sure I’m forgetting to react to some aspects below, but I thought I’d summarize some initial thoughts and questions I had after reading the RFC end-to-end. * I believe the same high-level principles you outline can also be used to implement the same protection on the

On Wed, 2018-03-07 at 02:33 +0000, Daniel Migowski via samba wrote: > Hai, > > Already tried the bad user option. Samba still answers the client > that guest mode is to be used, but here is the problem. Windows 10 > forbids guest mode now because of Security concerns! I need a way for > Samba to accept the challenge response answer regardless of the user > so Windows believes

Hai, Already tried the bad user option. Samba still answers the client that guest mode is to be used, but here is the problem. Windows 10 forbids guest mode now because of Security concerns! I need a way for Samba to accept the challenge response answer regardless of the user so Windows believes it was authenticated. Any hack no matter how dirty is greatly appreciated. Greetings, Daniel Migowski

From: "Richard W.M. Jones" <rjones at redhat.com> CVE-2011-4127 is a serious qemu & kernel privilege escalation bug found by Paolo Bonzini. http://seclists.org/oss-sec/2011/q4/536 An untrusted guest kernel is able to issue special SG_IO ioctls on virtio devices which qemu passes through to the host kernel without filtering or sanitizing. These ioctls allow raw sectors from

Thanks Kelvin I'm a bit confised tho, is this patch already avaiable? if yes, what is the parameter that disable ssl into the smb.conf? Maybe the guys from Enterprise samba have already included the patch into their releases so it's just a maatter of enabling the flag. I'm using sernet-samba-4.2.2 Thanks!

Hi. Both GCC and clang are adding mitigations for Spectre variant 2 although neither have yet made a release and neither are on by default. After trolling through and building release candidate branches for both I believe this is what is required for the ssh programs (although all the dependent libraries will also need to be built with mitigations, and I suspect libcrypto is a more likely

I've built & tagged packages for CentOS 6 and 7 4.6.6-9, with XPTI "stage 1" Meltdown mitigation. This will allow 64-bit PV guests to run safely (with a few caveats), but incurs a fairly significant slowdown for 64-bit PV guests on Intel boxes (including domain 0). If you prefer using Vixen / Comet, you can turn it off by adding 'xpti=0' to your Xen command-line.

On 08/05/2018 05:54 AM, Michael S. Tsirkin wrote: > On Fri, Aug 03, 2018 at 08:21:26PM -0500, Benjamin Herrenschmidt wrote: >> On Fri, 2018-08-03 at 22:08 +0300, Michael S. Tsirkin wrote: >>>>>> Please go through these patches and review whether this approach broadly >>>>>> makes sense. I will appreciate suggestions, inputs, comments regarding