From: Outback Dingo
Date: Sun, 7 Jan 2018 11:21:34 -0500
To: Dave Taht
Cc: cerowrt-devel@lists.bufferbloat.net
Subject: Re: [Cerowrt-devel] aarch64 exploit POC
List-Id: Development issues regarding the cerowrt test router project

yes but I would think you would post it to the LEDE / OpenWRT lists also

On Sun, Jan 7, 2018 at 11:10 AM, Dave Taht wrote:
> On Sun, Jan 7, 2018 at 7:47 AM, Outback Dingo wrote:
>> OH hell... notifying all my "cohorts"...... thanks for the heads up
>
> Then go drinking.
>
> Aside from x86 arches (anyone have word on the x86 chip in the
> pcengines?), it looks like the mips chips simply were not advanced
> enough to have this level of speculation and out of order behavior.
>
> The turris omnia and a few other high end arm chips in this part of
> the embedded router space are also vulnerable (I'm hoping that the
> lede folk can compile a list) - but - if you can execute *any*
> malicious code as root on embedded boxes - which is usually the case -
> you've already won.
>
> The Mill, Itanium, MIPS, and older arms are ok. There are huge lists
> being assembled on wikipedia, reddit, and elsewhere.
>
> My own terror is primarily for stuff in the cloud. There IS a vendor
> renting time on bare metal inexpensively, which I'm considering.
>
> (example: https://www.packet.net/bare-metal/servers/type-2a/)
>
> Ironically all the bufferbloat.net services used to run on bare metal,
> until the competing lower costs of the cloud knocked isc.org out of
> the business.
>
>>
>> On Sun, Jan 7, 2018 at 10:15 AM, Dave Taht wrote:
>>> https://plus.google.com/+KristianK%C3%B6hntopp/posts/6CduVXSy6Kd
>>>
>>> There comes a time after coping with security holes nonstop for 5 days
>>> straight, when it is best to log off the internet entirely, stop
>>> thinking, drink lots of rum, and go surfing.
>>>
>>> Today is that day, for me.
>>>
>>> --
>>>
>>> Dave Täht
>>> CEO, TekLibre, LLC
>>> http://www.teklibre.com
>>> Tel: 1-669-226-2619