From: Dave Taht
Date: Mon, 8 Jan 2018 07:49:29 -0800
To: "dpreed@deepplum.com"
Cc: Outback Dingo, cerowrt-devel@lists.bufferbloat.net
Subject: Re: [Cerowrt-devel] aarch64 exploit POC
In-Reply-To: <1515351819.800420254@mobile.rackspace.com>
References: <1515351819.800420254@mobile.rackspace.com>
List-Id: Development issues regarding the cerowrt test router project

On Sun, Jan 7, 2018 at 11:03 AM, dpreed@deepplum.com wrote:
> Even the Intel meltdown cannot reach between VMs that use hardware virtual memory.

mmm... let me quote something in a sec. My head spins when vms are
inside of vms.

> Relax, Dave.

I did:

https://scontent.fsjo2-1.fna.fbcdn.net/v/t34.0-12/26793638_138885946783309_1475552364_n.jpg?oh=692de1a97ec9846dff12fe4a9656d8fc&oe=5A54B3ED

(not sure if that requires perms to see)

I feel much better today.

>
> The cloud now mostly uses hardware VMs. AWS old Xen instances, and containers are subject to bad meltdown cloud attacks across containers.

I am still waiting for official word and reboots from linode as to
what they will be doing. I think we're still on a mix of xen and kvm
substrates and have no insight into the underlying hardware either.

Can I get a discount for running stuff I don't care about on obsolete
hardware? The 5 dollar insecurity special?

For test builds, having a 16 way xeon available for cheap would be helpful.
Oh, wait, snapon looks like that already...

>
> Sad about ARM, but ARM servers are pretty rare at this time.
>
> Attacking a PC to expose kernel data via Meltdown is fixed in Linux now.

For a definition of now that includes having a kernel that supports it.

> And a victim domain has to execute attacker chosen code and data to be Spectre vulnerable. So avoid running things as root or letting viruses run in protected domains.
>
> It helps to try to figure out exactly what exploits can do. Broad generalities are insufficient.
>
> It really bugs me that compiler writers are thinking that they are the solution.

Well, inside a protected domain (like the kernel) where you can
control compilation options completely, it does help.

> It's a lot easier to fix Spectre in microcode, and Meltdown in the OS paging maps.

Concur, but I am worried about the interrupt code still living in KPTI
userspace.

One of the more insightful messages on lkml (cc'd netdev) is this one from:

- https://patchwork.kernel.org/patch/10147427/

"Retpolines alone are leaving a whole set of stuff unfixed: register
hygiene still missing, bios/firmware calls still require ibrs, all asm
has to be audited by hand as there's no sure asm scanner I know of
(grep can go somewhere though) and the gcc dependency isn't very
flexible to begin with, and they don't help with lfence/mfence across
bound checks, they still require IBPB and stuff_RSB() to avoid
guest/user mode against guest/user spectre variant#2 attacks."

> -----Original
> From: "Dave Taht"
> Sent: Sun, Jan 7, 2018 at 11:46 am
> To: "Outback Dingo"
> Cc: "Outback Dingo", cerowrt-devel@lists.bufferbloat.net
> Subject: Re: [Cerowrt-devel] aarch64 exploit POC
>
> On Sun, Jan 7, 2018 at 8:21 AM, Outback Dingo wrote:
>> yes but i would think you would post it to the LEDE / OpenWRT lists also
>
> I'm not reading that email account of mine at the moment, and I'd hope
> folk over there are already all over this.
>
> I only logged in long enough to send out a happy new year to everyone.
> I was prepping to spend a few days
> finishing up the netem patches and maybe trying to submit cake again
> before the submission window closed, and then I made the mistake of
> inferring what the KPTI patches actually meant, and then this all
> happened.
>
> I'd like my vacation back, please.
>
>> On Sun, Jan 7, 2018 at 11:10 AM, Dave Taht wrote:
>>> On Sun, Jan 7, 2018 at 7:47 AM, Outback Dingo wrote:
>>>> OH hell... notifying all my "cohorts"...... thanks for the heads up
>>>
>>> Then go drinking.
>>>
>>> Aside from x86 arches (anyone have word on the x86 chip in the
>>> pcengines?), it looks like the mips chips simply were not advanced
>>> enough to have this level of speculation and out of order behavior.
>>>
>>> The turris omnia and a few other high end arm chips in this part of
>>> the embedded router space are also vulnerable (I'm hoping that the
>>> lede folk can compile a list) - but - if you can execute *any*
>>> malicious code as root on embedded boxes - which is usually the case -
>>> you've already won.
>>>
>>> The Mill, Itanium, MIPs, and older arms are ok. There are huge lists
>>> being assembled on wikipedia, reddit, and elsewhere.
>>>
>>> My own terror is primarily for stuff in the cloud. There IS a vendor
>>> renting time on bare metal inexpensively, which I'm considering.
>>>
>>> (example: https://www.packet.net/bare-metal/servers/type-2a/)
>>>
>>> Ironically all the bufferbloat.net services used to run on bare metal,
>>> until the competing lower costs of the cloud knocked isc.org out of
>>> the business.
>>>
>>>>
>>>> On Sun, Jan 7, 2018 at 10:15 AM, Dave Taht wrote:
>>>>> https://plus.google.com/+KristianK%C3%B6hntopp/posts/6CduVXSy6Kd
>>>>>
>>>>> There comes a time after coping with security holes nonstop for 5 days
>>>>> straight, when it is best to log off the internet entirely, stop
>>>>> thinking, drink lots of rum, and go surfing.
>>>>>
>>>>> Today is that day, for me.
>>>>>
>>>>> --
>>>>>
>>>>> Dave Täht
>>>>> CEO, TekLibre, LLC
>>>>> http://www.teklibre.com
>>>>> Tel: 1-669-226-2619
>>>>> _______________________________________________
>>>>> Cerowrt-devel mailing list
>>>>> Cerowrt-devel@lists.bufferbloat.net
>>>>> https://lists.bufferbloat.net/listinfo/cerowrt-devel

--
Dave Täht
CEO, TekLibre, LLC
http://www.teklibre.com
Tel: 1-669-226-2619
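
An added example, not part of the original message or of any project mentioned in it: a shell check for "a kernel that supports it", grading the status strings Linux reports under `/sys/devices/system/cpu/vulnerabilities/` and flagging a retpoline-only Spectre v2 mitigation that lacks IBPB, per the LKML quote above. The function names, verdict labels and sample reports are constructed for illustration.

```sh
#!/bin/sh
# Added example: grade the kernel's own Meltdown/Spectre status strings.
# On Linux 4.15+ (and distro backports) they are exposed under
#   /sys/devices/system/cpu/vulnerabilities/

# classify_vuln NAME STATUS -> prints ok | partial | vulnerable | unknown
classify_vuln() {
    name=$1
    status=$2
    case $status in
        "Not affected"*) echo ok ;;
        Vulnerable*)     echo vulnerable ;;
        Mitigation:*)
            # Assumption taken from the quoted LKML text: retpolines without
            # IBPB leave user/user and guest/guest variant 2 open.
            ibpb=no
            case $status in
                *"IBPB: disabled"*) ibpb=no ;;
                *IBPB*)             ibpb=yes ;;
            esac
            case $name:$ibpb:$status in
                spectre_v2:no:*[Rr]etpoline*) echo partial ;;
                *)                            echo ok ;;
            esac ;;
        *) echo unknown ;;   # empty or unrecognised report
    esac
}

# audit_dir DIR -> one "name: verdict (status)" line per issue
audit_dir() {
    dir=$1
    for name in meltdown spectre_v1 spectre_v2; do
        status=""
        # A missing file means the kernel predates the reporting interface.
        [ -r "$dir/$name" ] && status=$(cat "$dir/$name")
        echo "$name: $(classify_vuln "$name" "$status") (${status:-no report})"
    done
}

# Constructed sample reports, not captured from a real host.
sample=$(mktemp -d)
echo "Mitigation: PTI"                    > "$sample/meltdown"
echo "Vulnerable"                         > "$sample/spectre_v1"
echo "Mitigation: Full generic retpoline" > "$sample/spectre_v2"
audit_dir "$sample"
# On a real host: audit_dir /sys/devices/system/cpu/vulnerabilities
```

An "unknown" verdict with "no report" means the running kernel has no reporting interface at all, which on a 2018-era system usually means it predates the KPTI and retpoline patches.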