FreeBSD MDS Mitigation

peter.blok at bsd4all.org
Thu Jul 11 12:16:29 UTC 2019


I’m sorry but if you really care about security you have to read the advisory and stop assuming things.

For every complaint why this is disabled by default, there will be 10 complaints why it was enabled by default and broke things.

Having said this, I could see the benefit of reporting the fact that a certain security measure is disabled in the daily security reports, hoping someone reads it together with the executables that suddenly have been setuid for root.

Peter

> On 10 Jul 2019, at 18:37, Kevin via freebsd-security <freebsd-security at freebsd.org> wrote:
> 
> Hello list. I am reading this page about FreeBSD security [ https://vez.mrsk.me/freebsd-defaults.html ] and it says the Intel MDS mitigation is off by default. So I tried.
> 
> % sysctl hw.mds_disable_state
> hw.mds_disable_state: inactive
> 
> Now I see the instructions in the advisory, but what about anyone who didn't? Or who did a new install and didn't read past advisories?
> 
> I have an Intel CPU that is vulnerable. By applying the update and installing the microcode package, I thought I was safe.
> 
> Why? Why does FreeBSD let its users be vulnerable?
> _______________________________________________
> freebsd-security at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org"
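
The reporting idea raised in the reply above, sketched as a periodic(8)-style security check; this is an added example, not code from the thread or from FreeBSD. The function names are hypothetical, and treating every value other than `inactive` (the only state shown in the thread) as an active mitigation is an assumption.

```shell
#!/bin/sh
# Added example: flag a disabled MDS mitigation in the security report.
# Function names are hypothetical and not part of FreeBSD.

# Read the current mitigation state; print "unknown" if the sysctl is absent.
mds_read_state() {
    sysctl -n hw.mds_disable_state 2>/dev/null || echo unknown
}

# Print one report line for a state string and return a periodic(8) code:
# 0 = nothing notable, 1 = notable information.
# Assumption: only "inactive" means the mitigation is off; any other
# non-empty value is reported as an active mitigation mode.
mds_report() {
    case "$1" in
        inactive)
            echo "MDS mitigation is DISABLED (hw.mds_disable_state: inactive); see the advisory"
            return 1 ;;
        ""|unknown)
            echo "MDS mitigation state could not be read (hw.mds_disable_state missing)"
            return 1 ;;
        *)
            echo "MDS mitigation active: $1"
            return 0 ;;
    esac
}

echo ""
echo "Checking Intel MDS mitigation state:"
rc=0
mds_report "$(mds_read_state)" || rc=$?
# As an installed periodic script, finish with: exit "$rc"
```

Placed under `/usr/local/etc/periodic/security/` with the final `exit "$rc"` enabled, the line would appear in the same security run output that lists setuid changes.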


