[Cerowrt-devel] KASLR: Do we have to worry about other arches than x86?

dpreed at deepplum.com dpreed at deepplum.com
Thu Jan 4 17:02:56 EST 2018

Containers and kernel namespaces, and so forth are MEANINGLESS against the Meltdown and Sceptre problems. It's a hardware bug that lets any userspace process access anything the kernel can address.
-----Original Message-----
From: "Joel Wirāmu Pauling" <joel at aenertia.net>
Sent: Thursday, January 4, 2018 4:52pm
To: "Dave Taht" <dave.taht at gmail.com>
Cc: "Jonathan Morton" <chromatix99 at gmail.com>, cerowrt-devel at lists.bufferbloat.net
Subject: Re: [Cerowrt-devel] KASLR: Do we have to worry about other arches than x86?

Well as I've argued before Lede ideally should be using to Kernel Namespaces (poor mans containers) for at a minimum the firewall and per-interface routing instances.

The stuff I am running at home is mostly on cheap Atom board, so it's a matter of squeezing out unneeded cruft on the platform. Also I don't want to be admining centos/rhel servers at home.

On 5 January 2018 at 10:47, Dave Taht <[ dave.taht at gmail.com ]( mailto:dave.taht at gmail.com )> wrote:

On Thu, Jan 4, 2018 at 1:44 PM, Joel Wirāmu Pauling <[ joel at aenertia.net ]( mailto:joel at aenertia.net )> wrote:
 > On 5 January 2018 at 01:09, Jonathan Morton <[ chromatix99 at gmail.com ]( mailto:chromatix99 at gmail.com )> wrote:
 >> I don't think we need to worry about it too much in a router context.
 >> Virtual server folks, OTOH...
 >>  - Jonathan Morton
 > Disagree - The Router is pretty much synonymous with NFV
 > ; I run my lede instances at home on hypervisors - and this is definitely
 > the norm in Datacentres now. We need to work through this quite carefully.

Yes, the NFV case is serious and what I concluded we had most to worry
 about - before starting to worry about the lower end router chips
 themselves. But I wasn't aware that people were actually trying to run
 lede in that, I'd kind of expected
 a more server-like distro to be used there. Why lede in a NFV? Ease of
 configuration? Reduced attack surface? (hah)

 The only x86 chip I use (aside from simulations) is the AMD one in the
 apu2, which I don't know enough about as per speculation...


 Dave Täht
 CEO, TekLibre, LLC
[ http://www.teklibre.com ]( http://www.teklibre.com )
 Tel: 1-669-226-2619
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.bufferbloat.net/pipermail/cerowrt-devel/attachments/20180104/56014e18/attachment.html>

More information about the Cerowrt-devel mailing list