[Cerowrt-devel] KASLR: Do we have to worry about other arches than x86?

Joel Wirāmu Pauling joel at aenertia.net
Thu Jan 4 16:57:40 EST 2018


Yup - and I know of more than one SDN ISP that is using Lede as their CPE
VNF - straight off the x86 build servers.

Whilst it's more a hypervisor mitigation, there are certainly things the guest
can do to improve the situation.

But yes we should look at both cases in detail.

On 5 January 2018 at 10:54, Dave Taht <dave.taht at gmail.com> wrote:

> On Thu, Jan 4, 2018 at 1:52 PM, Joel Wirāmu Pauling <joel at aenertia.net>
> wrote:
> > Well as I've argued before Lede ideally should be using Kernel Namespaces
> > (poor man's containers) for at a minimum the firewall and per-interface
> > routing instances.
>
> Enough stuff landed in the last kernel for me to finally consider that
> feasible.
>
> >
> > The stuff I am running at home is mostly on cheap Atom board, so it's a
> > matter of squeezing out unneeded cruft on the platform. Also I don't want to
> > be admining centos/rhel servers at home.
>
> OK, so currently shipped gear is a big unknown then.
>
> >
> > On 5 January 2018 at 10:47, Dave Taht <dave.taht at gmail.com> wrote:
> >>
> >> On Thu, Jan 4, 2018 at 1:44 PM, Joel Wirāmu Pauling <joel at aenertia.net>
> >> wrote:
> >> >
> >> >
> >> > On 5 January 2018 at 01:09, Jonathan Morton <chromatix99 at gmail.com>
> >> > wrote:
> >> >>
> >> >>
> >> >>
> >> >> I don't think we need to worry about it too much in a router context.
> >> >> Virtual server folks, OTOH...
> >> >>
> >> >>  - Jonathan Morton
> >> >>
> >> > Disagree - The Router is pretty much synonymous with NFV; I run my
> >> > lede instances at home on hypervisors - and this is definitely
> >> > the norm in Datacentres now. We need to work through this quite
> >> > carefully.
> >>
> >> Yes, the NFV case is serious and what I concluded we had most to worry
> >> about - before starting to worry about the lower end router chips
> >> themselves. But I wasn't aware that people were actually trying to run
> >> lede in that, I'd kind of expected
> >> a more server-like distro to be used there. Why lede in a NFV? Ease of
> >> configuration? Reduced attack surface? (hah)
> >>
> >> The only x86 chip I use (aside from simulations) is the AMD one in the
> >> apu2, which I don't know enough about as per speculation...
> >>
> >> --
> >>
> >> Dave Täht
> >> CEO, TekLibre, LLC
> >> http://www.teklibre.com
> >> Tel: 1-669-226-2619