Kernel-5.16 Addendum

<16ca755af88befb0$1$4039542$802601b3@news.usenetexpress.com>

https://www.novabbs.com/computers/article-flat.php?id=6834&group=comp.os.linux.misc#6834

From: dg...@chaos.info (Diego Garcia)
Subject: Kernel-5.16 Addendum
Newsgroups: comp.os.linux.misc
User-Agent: Pan/0.147 (Sweet Solitude; 97d1711 refs/keep-around/97d1711be78cca5da38120c26f5db545ab0822ed)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Message-ID: <16ca755af88befb0$1$4039542$802601b3@news.usenetexpress.com>
Lines: 26
Path: i2pn2.org!i2pn.org!weretis.net!feeder6.news.weretis.net!news.misty.com!border2.nntp.dca1.giganews.com!nntp.giganews.com!feeder.usenetexpress.com!tr1.iad1.usenetexpress.com!news.usenetexpress.com!not-for-mail
Date: Sat, 15 Jan 2022 13:40:47 +0000
NNTP-Posting-Date: Sat, 15 Jan 2022 13:40:47 +0000
X-Received-Bytes: 1365
Organization: UsenetExpress - www.usenetexpress.com
X-Complaints-To: abuse@usenetexpress.com
 by: Diego Garcia - Sat, 15 Jan 2022 13:40 UTC

Kernel-5.16 is out.

After building and booting, check the "security:"

[~]# grep . /sys/devices/system/cpu/vulnerabilities/*
/sys/devices/system/cpu/vulnerabilities/itlb_multihit:Processor vulnerable
/sys/devices/system/cpu/vulnerabilities/l1tf:Mitigation: PTE Inversion
/sys/devices/system/cpu/vulnerabilities/mds:Vulnerable; SMT vulnerable
/sys/devices/system/cpu/vulnerabilities/meltdown:Vulnerable
/sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Vulnerable
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Vulnerable: __user pointer sanitization and user
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Vulnerable, STIBP: disabled
/sys/devices/system/cpu/vulnerabilities/srbds:Vulnerable: No microcode
/sys/devices/system/cpu/vulnerabilities/tsx_async_abort:Not affected

So my system is vulnerable to the max. But who cares?

Contrast this with the average distro kernel that is crippled to the hilt
with security.

DIY is the only way to go.

--
Scratch your technical itch:
https://www.linuxfromscratch.org/
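A small helper for reading the sysfs vulnerability files the post lists, added here as an example (it is not part of the thread or of any distro's tooling). It classifies each file's status as "ok", "mitigated" or "UNMITIGATED", notes that a status beginning "Mitigation:" can still carry an SMT caveat after the semicolon, and returns non-zero when anything is left unmitigated, which makes it usable from a post-boot check. The function names and the sample directory builder are assumptions; the sample contents are copied from the output in the post.

```shell
#!/bin/sh
# Added example (not from the original post). Summarise the kernel's
# /sys/devices/system/cpu/vulnerabilities/* files after a reboot.

# Map one status string to a coarse class. Order matters: a "Mitigation:"
# line may still mention "SMT vulnerable" after the semicolon, so the
# generic "[Vv]ulnerable" match is tried last. "Processor vulnerable"
# (itlb_multihit) has no "Vulnerable" prefix, hence the substring match.
classify_status() {
    case "$1" in
        "Not affected"*)  echo ok ;;
        "Mitigation:"*)   echo mitigated ;;
        *[Vv]ulnerable*)  echo UNMITIGATED ;;
        *)                echo unknown ;;
    esac
}

# Print one line per file: name, class, raw status.
# Usage: cpu_vuln_report [DIR]   (DIR defaults to the live sysfs directory)
cpu_vuln_report() {
    dir="${1:-/sys/devices/system/cpu/vulnerabilities}"
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        status=$(cat "$f")
        printf '%-20s %-12s %s\n' "$(basename "$f")" \
            "$(classify_status "$status")" "$status"
    done
}

# Echo the number of UNMITIGATED entries under DIR (0 when the kernel
# reports everything as mitigated or not affected).
cpu_vuln_unmitigated_count() {
    dir="${1:-/sys/devices/system/cpu/vulnerabilities}"
    n=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        [ "$(classify_status "$(cat "$f")")" = UNMITIGATED ] && n=$((n + 1))
    done
    echo "$n"
}

# Exit status for use in a boot-time check: 0 only when nothing is unmitigated.
cpu_vuln_check() {
    [ "$(cpu_vuln_unmitigated_count "$1")" -eq 0 ]
}

# Constructed sample directory mirroring the status lines quoted in the post,
# so the helper can be exercised on a machine that is not the poster's.
make_sample_dir() {
    d=$(mktemp -d)
    printf '%s\n' 'Processor vulnerable'                 > "$d/itlb_multihit"
    printf '%s\n' 'Mitigation: PTE Inversion'            > "$d/l1tf"
    printf '%s\n' 'Vulnerable; SMT vulnerable'           > "$d/mds"
    printf '%s\n' 'Vulnerable'                           > "$d/meltdown"
    printf '%s\n' 'Vulnerable'                           > "$d/spec_store_bypass"
    printf '%s\n' 'Vulnerable: __user pointer sanitization and user' > "$d/spectre_v1"
    printf '%s\n' 'Vulnerable, STIBP: disabled'          > "$d/spectre_v2"
    printf '%s\n' 'Vulnerable: No microcode'             > "$d/srbds"
    printf '%s\n' 'Not affected'                         > "$d/tsx_async_abort"
    echo "$d"
}

# Stand-alone run: report on the constructed sample, then on the live system.
if [ "${0##*/}" = "cpu_vuln_report.sh" ]; then
    cpu_vuln_report "$(make_sample_dir)"
    cpu_vuln_report
fi
```

On the sample taken from the post, seven of the nine entries are classified UNMITIGATED (only l1tf and tsx_async_abort are not), so `cpu_vuln_check` returns 1.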

Re: Kernel-5.16 Addendum

<20220115205313.7583964e@nx-74205>

https://www.novabbs.com/computers/article-flat.php?id=6848&group=comp.os.linux.misc#6848

Path: i2pn2.org!i2pn.org!eternal-september.org!reader02.eternal-september.org!.POSTED!not-for-mail
From: thoron...@telenet.be (Aragorn)
Newsgroups: comp.os.linux.misc
Subject: Re: Kernel-5.16 Addendum
Date: Sat, 15 Jan 2022 20:53:13 +0100
Organization: A noiseless patient Strider
Lines: 15
Message-ID: <20220115205313.7583964e@nx-74205>
References: <16ca755af88befb0$1$4039542$802601b3@news.usenetexpress.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Injection-Info: reader02.eternal-september.org; posting-host="f03a9c91bbdf344cfe3169e8fa181fbf";
logging-data="10551"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/4Au+sTZjiwMergS+kMoxO"
Cancel-Lock: sha1:N8M5V/gM1pDeAqUUGqkjiPfnKGA=
X-Newsreader: Claws Mail 4.0.0 (GTK+ 3.24.31; x86_64-pc-linux-gnu)
 by: Aragorn - Sat, 15 Jan 2022 19:53 UTC

On 15.01.2022 at 13:40, Diego Garcia scribbled:

> So my system is vulnerable to the max. But who cares?
>
> Contrast this with the average distro kernel that is crippled to the
> hilt with security.

There wouldn't be a need to cripple them if the CPU makers were to get
their shit together in the first place. They are microcode patches for
design flaws in the hardware itself.

--
With respect,
= Aragorn =

Re: Kernel-5.16 Addendum

<16cb1826ed99bd0d$1$4098531$802601b3@news.usenetexpress.com>

https://www.novabbs.com/computers/article-flat.php?id=6858&group=comp.os.linux.misc#6858

From: dg...@chaotic.info (Diego Garcia)
Subject: Re: Kernel-5.16 Addendum
Newsgroups: comp.os.linux.misc
References: <16ca755af88befb0$1$4039542$802601b3@news.usenetexpress.com> <20220115205313.7583964e@nx-74205>
User-Agent: Pan/0.146 (Hic habitat felicitas; d7a48b4 gitlab.gnome.org/GNOME/pan.git)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Message-ID: <16cb1826ed99bd0d$1$4098531$802601b3@news.usenetexpress.com>
Lines: 38
Path: i2pn2.org!i2pn.org!aioe.org!news.uzoreto.com!tr1.eu1.usenetexpress.com!feeder.usenetexpress.com!tr1.iad1.usenetexpress.com!news.usenetexpress.com!not-for-mail
Date: Mon, 17 Jan 2022 15:24:04 +0000
NNTP-Posting-Date: Mon, 17 Jan 2022 15:24:04 +0000
X-Received-Bytes: 1898
X-Complaints-To: abuse@usenetexpress.com
Organization: UsenetExpress - www.usenetexpress.com
 by: Diego Garcia - Mon, 17 Jan 2022 15:24 UTC

On Sat, 15 Jan 2022 20:53:13 +0100, Aragorn wrote:

> On 15.01.2022 at 13:40, Diego Garcia scribbled:
>
>> So my system is vulnerable to the max. But who cares?
>>
>> Contrast this with the average distro kernel that is crippled to the
>> hilt with security.
>
> There wouldn't be a need to cripple them if the CPU makers were to get
> their shit together in the first place. They are microcode patches for
> design flaws in the hardware itself.
>

They are NOT design flaws. They are very creative mechanisms to
improve processor performance. Just because they can be exploited
by parties with malicious intent does not make them flaws.

A thief can very easily smash the windows on your car or home to
quickly gain entry. Does that make car windows or home windows
a design flaw?

No. The only flaw is the thief.

But such security concerns are hardly relevant to a desktop
workstation. Only public-facing servers that host virtual machines
need to cripple their processors.

Keep in mind that the security obsession goes well beyond things
like Meltdown or Rowhammer. I believe that most distros also
build all software with protection schemes like stack protection
and "canaries." Since GNU/Linux is mostly C programs the addition
of a canary to every subroutine call can be quite expensive.

Gentoo offers a hardening option, or profile, that users can select
to produce a hardened and protected system, but others can choose
to ignore it all.
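The post mentions that distros build with stack protection and "canaries". Whether a given binary actually carries that instrumentation can be checked from its symbol table: a protected binary references the libc routine `__stack_chk_fail`, which the compiler-inserted epilogue calls when the canary has been overwritten. The check below is an added example, not from the thread or from any distro or Gentoo profile; `has_stack_protector` and `build_pair` are hypothetical helper names, and the tiny C program is constructed here only so the same source can be compiled with and without `-fstack-protector-all` and compared.

```shell
#!/bin/sh
# Added example (not from the original post). Tell whether an ELF binary was
# built with stack-protector canaries by looking for the __stack_chk_fail
# reference in its dynamic symbol table.

# Returns 0 when BINARY references __stack_chk_fail (canaries present),
# 1 otherwise. Uses nm -D, which lists symbols resolved from shared libs.
has_stack_protector() {
    nm -D "$1" 2>/dev/null | grep -q '__stack_chk_fail'
}

# Build one constructed program twice: once with canaries in every function
# (-fstack-protector-all), once with none (-fno-stack-protector). -O0 keeps
# greet() and its stack buffer from being optimised away. Echoes the build dir.
build_pair() {
    dir=$(mktemp -d)
    cat > "$dir/demo.c" <<'EOF'
#include <stdio.h>
#include <string.h>
/* A function with a stack buffer: with canaries enabled the compiler
   places a guard value after buf and checks it before returning. */
static void greet(const char *who) {
    char buf[32];
    strncpy(buf, who, sizeof buf - 1);
    buf[sizeof buf - 1] = '\0';
    puts(buf);
}
int main(int argc, char **argv) {
    greet(argc > 1 ? argv[1] : "world");
    return 0;
}
EOF
    cc -O0 -fstack-protector-all -o "$dir/demo_protected" "$dir/demo.c"
    cc -O0 -fno-stack-protector   -o "$dir/demo_plain"     "$dir/demo.c"
    echo "$dir"
}

# Print a one-word verdict per binary, usable over an installed system, e.g.
#   for b in /usr/bin/*; do report_binary "$b"; done
report_binary() {
    if has_stack_protector "$1"; then
        printf '%s: stack-protector\n' "$1"
    else
        printf '%s: no canary reference\n' "$1"
    fi
}

# Stand-alone run: build the pair and report on both.
if [ "${0##*/}" = "canary_check.sh" ]; then
    d=$(build_pair)
    report_binary "$d/demo_protected"
    report_binary "$d/demo_plain"
fi
```

The check is a heuristic: a binary with no functions that the compiler considered worth protecting under `-fstack-protector-strong` will also show no reference, and a statically linked binary needs `nm` without `-D`. It does, however, answer the practical question behind the post, which is whether a particular build was produced with the hardening flags or not.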
