From: valdis.kletnieks@vt.edu
To: dpreed <dpreed@reed.com>
Cc: Dave Taht <dave.taht@gmail.com>,
Rich Brown <richb.hanover@gmail.com>,
"cerowrt-devel@lists.bufferbloat.net"
<cerowrt-devel@lists.bufferbloat.net>
Subject: Re: [Cerowrt-devel] dnsmasq CVEs
Date: Sat, 07 Oct 2017 16:42:00 -0400 [thread overview]
Message-ID: <82956.1507408920@turing-police.cc.vt.edu> (raw)
In-Reply-To: <59d8d7b6.06c3370a.2a6e1.858eSMTPIN_ADDED_BROKEN@mx.google.com>
[-- Attachment #1: Type: text/plain, Size: 746 bytes --]
On Sat, 07 Oct 2017 09:33:34 -0400, dpreed said:
> They are not. The hardware designers at the chip and board level know little
> or nothing about security techniques. They don't work with systems people who
> build with their hardware to limit undefined or covert behaviors.
It's worse than that. The hardware people are now intentionally building the
chipsets with covert behavior baked right into the chip.
Know how x86 people complain that SSM mode introduces jitter? That's just the
tip of the iceberg. Believe it or not, there's an entire IPv4/IPv6 stack *and
a webserver* hiding in there...
https://schd.ws/hosted_files/ossna2017/91/Linuxcon%202017%20NERF.pdf
Gaak. Have some strong adult beverage handy, you'll be needing it....
[-- Attachment #2: Type: application/pgp-signature, Size: 486 bytes --]
next prev parent reply other threads:[~2017-10-07 20:42 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-10-04 0:43 Rich Brown
2017-10-04 3:49 ` Dave Taht
2017-10-04 13:12 ` David P Reed
2017-10-04 16:38 ` Dave Taht
2017-10-07 13:33 ` dpreed
2017-10-07 20:54 ` dpreed
[not found] ` <59d8d7ae.5b37c80a.9c70e.c057SMTPIN_ADDED_BROKEN@mx.google.com>
2017-10-07 18:32 ` Dave Taht
2017-10-07 20:28 ` Dave Taht
[not found] ` <59d8d7b6.06c3370a.2a6e1.858eSMTPIN_ADDED_BROKEN@mx.google.com>
2017-10-07 20:42 ` valdis.kletnieks [this message]
2017-10-09 8:32 ` Mikael Abrahamsson
2017-10-09 17:33 ` Dave Taht
2017-10-09 18:37 ` dpreed
-- strict thread matches above, loose matches on Subject: below --
2017-10-02 18:18 [Cerowrt-devel] dnsmasq cves Dave Taht
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://lists.bufferbloat.net/postorius/lists/cerowrt-devel.lists.bufferbloat.net/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=82956.1507408920@turing-police.cc.vt.edu \
--to=valdis.kletnieks@vt.edu \
--cc=cerowrt-devel@lists.bufferbloat.net \
--cc=dave.taht@gmail.com \
--cc=dpreed@reed.com \
--cc=richb.hanover@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox