Response to the "Meltdown" Vulnerability

Contributed by rueda on 2018-01-06 from the moronoculture dept.

A message to tech@ from Philip Guenther (guenther@) provides the first public information from developers regarding the OpenBSD response to the recently announced CPU vulnerabilities:

So, yes, we the OpenBSD developers are not totally asleep and a handful of
us are working out how to deal with Intel's fuck-up aka the Meltdown
attack.  While we have the advantage of less complexity in this area (e.g.,
no 32bit-on-64bit compat), there's still a pile of details to work through
about what has to be *always* in the page tables vs what can/should/must be
hidden.

Read it and weep…

(Comments are closed)

Comments

By Noryungi (noryungi) noryungi@yahoo.com on 2018-01-07 02:21

To me, the "money quote" from the above mail was the following:

"We have received *no* non-public information. I've seen posts elsewhere by other *BSD people implying that they receive little or no prior warning, so I have no reason to believe this was specific to OpenBSD and/or our philosophy."

Let that sink in for a moment: none of the BSDs has been warned in advance. None. The only people to get information are Microsoft, Apple and probably Red Hat and other largish Linux distros... Even though Intel knew of these flaws since June 2017.

OpenBSD devs only got information because of the noise on the Linux Kernel mailing lists. This is a disgusting and irresponsible attitude from the people at Intel and other companies.

Is this how "minority" operating systems are going to be treated in the future? I hope not.

By the way, Matthew Dillon of DragonflyBSD had some choice words for Intel : http://lists.dragonflybsd.org/pipermail/users/2018-January/313758.html
Comments
1. By Bobby Foster (babymild) bobbyjamesfosterforums@gmail.com on 2018-01-08 03:48
  
  interesting timeline for Ubuntu here: https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown?_ga=2.256521547.1351854662.1515382986-1697653471.1514323332

Latest Articles

Thu, Apr 18
- 05:05 Coming soon to a -current system near you: parallel raw IP input (0)
Wed, Apr 17
- 05:33 In -current, default write format for tar(1) changed to "pax" (7)
Wed, Apr 10
- 18:50 OpenSMTPD 7.5.0p0 Released (2)
Tue, Apr 09
- 04:49 20 years since "and we're just starting": undeadly.org turns 20 (2024-04-09) (13)
Fri, Apr 05
- 06:16 OpenBSD 7.5 released (2)
Thu, Mar 28
- 18:18 LibreSSL 3.8.4 and 3.9.1 released (0)
Tue, Mar 12
- 06:53 OpenSSH 9.7/9.7p1 released! (0)
Mon, Mar 11
- 11:28 Game of Trees 0.97 released (0)
Sun, Mar 10
- 09:06 LibreSSL versions 3.8.3 and 3.9.0 released (0)

Credits

Copyright © 2004-2008 Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to April 2nd 2004 as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]