On Fri, Jan 5, 2018 at 7:34 AM, Walter Dnes wrote:
>
> I wonder if it's possible to compile a web browser with protection
> against the exploits, but turn it off for other apps. That would
> protect against external attacks, while not hurting local app speed.
>
There are three exploits, all re
The most heavily exposed application will be your web browser. It
runs various foreign code directly on your machine...
* web assembler
* java
* javascript
* ecmascript (part of Adobe Flash)
I wonder if it's possible to compile a web browser with protection
against the exploits, but turn it
On Thu, Jan 4, 2018 at 9:12 PM, Walter Dnes wrote:
>
> There are 2 vulnerabilities at play here, both caused by speculative
> execution...
Actually, there are 3 related ones, with two names between them.
Can't imagine why there is so much confusion...
> 2) "Spectre" is the reading, by one userla
On Thu, Jan 04, 2018 at 11:10:01AM -0500, Rich Freeman wrote
> On Thu, Jan 4, 2018 at 11:02 AM, Holger Hoffstätte
> wrote:
> > On Wed, 03 Jan 2018 15:53:07 -0500, Rich Freeman wrote:
> >
> >> On Wed, Jan 3, 2018 at 3:35 PM, Wols Lists
> >> wrote:
> >>>
> >>> And as I understand it the code can b
On Thu, Jan 4, 2018 at 11:02 AM, Holger Hoffstätte
wrote:
> On Wed, 03 Jan 2018 15:53:07 -0500, Rich Freeman wrote:
>
>> On Wed, Jan 3, 2018 at 3:35 PM, Wols Lists wrote:
>>>
>>> And as I understand it the code can be disabled with either a compile
>>> time option or command line switch to the ke
On Wed, 3 Jan 2018 15:53:07 -0500, Rich Freeman wrote:
> I believe the kernel went with "Page Table Isolation (PTI)" rather
> than KAISER, probably to avoid ethnic issues. Apparently this was
> deemed to have a more acceptable acronym than Forcefully Unmap
> Complete Kernel With Interrupt Trampol
On Wed, Jan 3, 2018 at 3:35 PM, Wols Lists wrote:
>
> And as I understand it the code can be disabled with either a compile
> time option or command line switch to the kernel.
I suspect the compile-time option is PAGE_TABLE_ISOLATION (which was
newly added in 4.14.11). The command line option no
On 02/01/18 22:58, Adam Carter wrote:
> AMD coder's patch to disable the new code (to avoid the performance hit)
> where he states the issue doesn't exist on AMD processors;
> https://lkml.org/lkml/2017/12/27/2
Read LWN, specifically the links to the people who covered the bug.
It's a flaw in spec
>
> And on that note I see that upstream just released 4.14.11 containing
> what is widely speculated as a fix for an Intel CPU security
> vulnerability. I noticed that it doesn't disable the
> performance-impacting setting on AMD CPUs. Though, right now only AMD
> could say whether this is neces
On Tue, Jan 2, 2018 at 3:20 PM, Kai Krakow wrote:
>
> It's adequate to update your software when a security hole was fixed - on
> the point. Not two or three months later...
>
And on that note I see that upstream just released 4.14.11 containing
what is widely speculated as a fix for an Intel CPU
10 matches