Re: Meltdown – Spectre
Baho Utot
baho-utot at columbus.rr.com
Mon Jan 8 18:24:13 UTC 2018
On 1/8/2018 1:11 PM, Valeri Galtsev wrote:
>
>
> On 01/08/18 06:37, Aryeh Friedman wrote:
>> On Mon, Jan 8, 2018 at 7:28 AM, Baho Utot <baho-utot at columbus.rr.com>
>> wrote:
>>
>>>
>>>
>>> On 1/8/2018 4:15 AM, Aryeh Friedman wrote:
>>>
>>>> On Mon, Jan 8, 2018 at 3:57 AM, Matthias Apitz <guru at unixarea.de>
>>>> wrote:
>>>>
>>>> As I side note, and not related to FreeBSD: My Internet server is
>>>> run by
>>>>> some webhosting company (www.1blu.de), they use Ubuntu servers and
>>>>> since
>>>>> yesterday they have shutdown SSH access to the servers argumenting
>>>>> that
>>>>> they want
>>>>> protect my (all's) servers against attacks of Meltdown and Spectre.
>>>>>
>>>>> Imagine, next time we have to shutdown all IOT gadgets...
>>>>>
>>>>
>>>>
>>>> Not always possible for things like medical test
>>>> equipment/devices. For
>>>> example I maintain a specialized EMR for interacting with Dr.
>>>> prescribed
>>>> remote cardiac monitors. Having those off line is not an option since
>>>> they are used to detect if the patient needs something more serious
>>>> like a
>>>> pace maker (also almost always a IoT device these days) surgery.
>>>>
>>>> The actual monitoring is done on Windows and was attacked by some
>>>> ransomeware via a bit coin miner that somehow installed it self.
>>>> Since
>>>> all the users claim that they don't read email/upload/download
>>>> executables
>>>> or any other of the known attack vectors this leaves something like
>>>> Meltdown or Spectre. We have also detected issues on the CentOS
>>>> that has
>>>> the non-medical corporate site on it. The only machine left on
>>>> touched
>>>> on
>>>> the physical server (running some bare metal virtualization tool) is
>>>> the
>>>> FreeBSD machine that runs the actual EMR we wrote.
>>>>
>>>> TL;DR -- It seems Linux and Windows already have issues with these
>>>> holes
>>>> but I have seen little to no evidence that FreeBSD (when run as a
>>>> host).
>>>> In general when ever any virtualization issue (like the bleed
>>>> through on
>>>> Qemu last year) comes up FreeBSD is the one OS that seems to be immune
>>>> (thanks to good design of the OS and bhyve). This is the main
>>>> reason why
>>>> I chose FreeBSD over Linux as the reference host for PetiteCloud.
>>>>
>>>>
>>> This is not operating system specific, read the papers on theses
>>> two. it
>>> attacks the cpu, usally through a JIT
>>
>>
>> Please learn a little OS design theory before making insane claims.
>> Specifically it *ONLY* effects OS's that rely on the specific CPU
>> architecture (vs. a generic one). Namely if you strictly partition the
>> page table between userland and kernel space (which xxxBSD has always
>> done
>> and Linux has not) and don't use any CPU specific instructions to do so
>> (except for protected vs. unprotected mode in the original 386 design
>> FreeBSD does not do this while yet again microslut and linux do).
>>
>> For more info go read the more technical thread then here in -hackers@
>> and
>> -current at .
>
> Thanks, Aryeh! Your posts made my day today.
>
> Valeri
>
>
CERT states this:
http://www.kb.cert.org/vuls/id/584653
FreeBSD Project Affected-05 Jan 2018
More information about the freebsd-questions
mailing list