[Cerowrt-devel] dnsmasq CVEs

valdis.kletnieks at vt.edu valdis.kletnieks at vt.edu
Sat Oct 7 16:42:00 EDT 2017


On Sat, 07 Oct 2017 09:33:34 -0400, dpreed said:

> They are not. The hardware designers at the chip and board level know little
> or nothing about security techniques. They don't work with systems people who
> build with their hardware to limit undefined or covert behaviors.

It's worse than that.  The hardware people are now intentionally building the
chipsets with covert behavior baked right into the chip.

Know how x86 people complain that SSM mode introduces jitter?  That's just the
tip of the iceberg.  Believe it or not, there's an entire IPv4/IPv6 stack *and
a webserver* hiding in there...

https://schd.ws/hosted_files/ossna2017/91/Linuxcon%202017%20NERF.pdf

Gaak.  Have some strong adult beverage handy, you'll be needing it....
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 486 bytes
Desc: not available
URL: <https://lists.bufferbloat.net/pipermail/cerowrt-devel/attachments/20171007/c98dd565/attachment.sig>


More information about the Cerowrt-devel mailing list