From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp97.iad3a.emailsrvr.com (smtp97.iad3a.emailsrvr.com [173.203.187.97]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by lists.bufferbloat.net (Postfix) with ESMTPS id E16F43CB39 for ; Sun, 7 Jan 2018 14:03:45 -0500 (EST) Received: from smtp37.relay.iad3a.emailsrvr.com (localhost [127.0.0.1]) by smtp37.relay.iad3a.emailsrvr.com (SMTP Server) with ESMTP id 9AA6C5C05; Sun, 7 Jan 2018 14:03:45 -0500 (EST) X-SMTPDoctor-Processed: csmtpprox beta Received: from smtp37.relay.iad3a.emailsrvr.com (localhost [127.0.0.1]) by smtp37.relay.iad3a.emailsrvr.com (SMTP Server) with ESMTP id 92ADF5BA1; Sun, 7 Jan 2018 14:03:45 -0500 (EST) Received: from app34.wa-webapps.iad3a (relay-webapps.rsapps.net [172.27.255.140]) by smtp37.relay.iad3a.emailsrvr.com (SMTP Server) with ESMTP id 797E85C05; Sun, 7 Jan 2018 14:03:45 -0500 (EST) X-Sender-Id: MAILER-DAEMON Received: from app34.wa-webapps.iad3a (relay-webapps.rsapps.net [172.27.255.140]) by 0.0.0.0:25 (trex/5.7.12); Sun, 07 Jan 2018 14:03:45 -0500 Received: from deepplum.com (localhost.localdomain [127.0.0.1]) by app34.wa-webapps.iad3a (Postfix) with ESMTP id C42D1A0044; Sun, 7 Jan 2018 14:03:39 -0500 (EST) Received: by mobile.rackspace.com (Authenticated sender: dpreed@deepplum.com, from: dpreed@deepplum.com) with HTTP; Sun, 7 Jan 2018 14:03:39 -0500 (EST) Date: Sun, 7 Jan 2018 14:03:39 -0500 (EST) From: "dpreed@deepplum.com" To: "Dave Taht" Cc: "Outback Dingo" , cerowrt-devel@lists.bufferbloat.net MIME-Version: 1.0 Content-Type: text/plain;charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Message-ID: <1515351819.800420254@mobile.rackspace.com> X-Mailer: mobile/4.1.4 Subject: Re: [Cerowrt-devel] aarch64 exploit POC X-BeenThere: cerowrt-devel@lists.bufferbloat.net X-Mailman-Version: 2.1.20 Precedence: list List-Id: Development issues regarding the cerowrt test router project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 07 Jan 2018 19:03:46 -0000 Even the Intel meltdown cannot reach between VMs that use hardware virtual = memory. Relax, Dave. The cloud now mostly uses hardware VMs. AWS old Xen instances, and containe= rs are subject to bad meltdown cloud attacks across containers. Sad about ARM, but ARM servers are pretty rare at this time. Attacking a PC to expose kernel data via Meltdown is fixed in Linux now. An= d a victim domain has to execute attacker chosen code and data to be Spectr= e vulnerable. So avoid running things as root or letting viruses run in pro= tected domains. It helps to try to figure out exactly what exploits can do. Broad generalit= ies are insufficient. It really bugs me that compiler writers are thinking that they are the solu= tion. It's a lot easier to fix Spectre in microcode, and Meltdown in the OS pagin= g maps. -----Original From: "Dave Taht" Sent: Sun, Jan 7, 2018 at 11:46 am To: "Outback Dingo" Cc: "Outback Dingo" , cerowrt-devel@lists.bufferblo= at.net Subject: Re: [Cerowrt-devel] aarch64 exploit POC On Sun, Jan 7, 2018 at 8:21 AM, Outback Dingo wrote: > yes but i would think you would post it to the LEDE / OpenWRT lists also I'm not reading that email account of mine at the moment, and I'd hope folk over there are already all over this. I only logged in long enough to send out a happy new year to everyone. I was prepping to spend a few days finishing up the netem patches and maybe trying to submit cake again before the submission window closed, and then I made the mistake of inferring what the KPTI patches actually meant, and then this all happened. I'd like my vacation back, please. > On Sun, Jan 7, 2018 at 11:10 AM, Dave Taht wrote: >> On Sun, Jan 7, 2018 at 7:47 AM, Outback Dingo wrote: >>> OH hell... notifying all my "cohorts"...... thanks for the heads up >> >> Then go drinking. >> >> Aside from x86 arches (anyone have word on the x86 chip in the >> pcengines?), it looks like the mips chips simply were not advanced >> enough to have this level of speculation and out of order behavior. >> >> The turris omnia and a few other high end arm chips in this part of >> the embedded router space are also vulnerable (I'm hoping that the >> lede folk can compile a list) - but - if you can execute *any* >> malicious code as root on embedded boxes - which is usually the case - >> you've already won. >> >> The Mill, Itanium, MIPs, and older arms are ok. There are huge lists >> being assembled on wikipedia, reddit, and elsewhere. >> >> My own terror is primarily for stuff in the cloud. There IS a vendor >> renting time on bare metal in-expensively, which I'm considering. >> >> (example: https://www.packet.net/bare-metal/servers/type-2a/) >> >> Ironically all the bufferbloat.net services used to run on bare metal, >> until the competing lower costs of the cloud knocked isc.org out of >> the business. >> >> >> >>> >>> On Sun, Jan 7, 2018 at 10:15 AM, Dave Taht wrote: >>>> https://plus.google.com/+KristianK%C3%B6hntopp/posts/6CduVXSy6Kd >>>> >>>> There comes a time after coping with security holes nonstop for 5 days >>>> straight, when it is best to log off the internet entirely, stop >>>> thinking, drink lots of rum, and go surfing. >>>> >>>> Today is that day, for me. >>>> >>>> -- >>>> >>>> Dave T=C3=A4ht >>>> CEO, TekLibre, LLC >>>> http://www.teklibre.com >>>> Tel: 1-669-226-2619 >>>> _______________________________________________ >>>> Cerowrt-devel mailing list >>>> Cerowrt-devel@lists.bufferbloat.net >>>> https://lists.bufferbloat.net/listinfo/cerowrt-devel >> >> >> >> -- >> >> Dave T=C3=A4ht >> CEO, TekLibre, LLC >> http://www.teklibre.com >> Tel: 1-669-226-2619 --=20 Dave T=C3=A4ht CEO, TekLibre, LLC http://www.teklibre.com Tel: 1-669-226-2619 _______________________________________________ Cerowrt-devel mailing list Cerowrt-devel@lists.bufferbloat.net https://lists.bufferbloat.net/listinfo/cerowrt-devel