From owner-freebsd-hackers@freebsd.org  Wed May 15 08:31:44 2019
Return-Path: <owner-freebsd-hackers@freebsd.org>
Delivered-To: freebsd-hackers@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 187C315AF9A9
 for <freebsd-hackers@mailman.ysv.freebsd.org>;
 Wed, 15 May 2019 08:31:44 +0000 (UTC)
 (envelope-from peter@rulingia.com)
Received: from vtr.rulingia.com (vtr.rulingia.com
 [IPv6:2001:19f0:5801:ebe:5400:1ff:fe53:30fd])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "vtr.rulingia.com",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 19818819AC
 for <freebsd-hackers@freebsd.org>; Wed, 15 May 2019 08:31:42 +0000 (UTC)
 (envelope-from peter@rulingia.com)
Received: from server.rulingia.com (ppp59-167-167-3.static.internode.on.net
 [59.167.167.3])
 by vtr.rulingia.com (8.15.2/8.15.2) with ESMTPS id x4F8VWIM092108
 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK)
 for <freebsd-hackers@freebsd.org>; Wed, 15 May 2019 18:31:38 +1000 (AEST)
 (envelope-from peter@rulingia.com)
X-Bogosity: Ham, spamicity=0.000000
Received: from server.rulingia.com (localhost.rulingia.com [127.0.0.1])
 by server.rulingia.com (8.15.2/8.15.2) with ESMTPS id x4F8VQ5U044642
 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO)
 for <freebsd-hackers@freebsd.org>; Wed, 15 May 2019 18:31:27 +1000 (AEST)
 (envelope-from peter@server.rulingia.com)
Received: (from peter@localhost)
 by server.rulingia.com (8.15.2/8.15.2/Submit) id x4F8VQ30044641
 for freebsd-hackers@freebsd.org; Wed, 15 May 2019 18:31:26 +1000 (AEST)
 (envelope-from peter)
Date: Wed, 15 May 2019 18:31:26 +1000
From: Peter Jeremy <peter@rulingia.com>
To: freebsd-hackers@freebsd.org
Subject: Re: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-19:07.mds
Message-ID: <20190515083126.GC65203@server.rulingia.com>
References: <20190515000302.44CBB1AB79@freefall.freebsd.org>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature"; boundary="pf9I7BMVVzbSWLtt"
Content-Disposition: inline
In-Reply-To: <20190515000302.44CBB1AB79@freefall.freebsd.org>
X-PGP-Key: http://www.rulingia.com/keys/peter.pgp
User-Agent: Mutt/1.11.4 (2019-03-13)
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
 <freebsd-hackers.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers/>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 15 May 2019 08:31:44 -0000


--pf9I7BMVVzbSWLtt
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On 2019-May-15 00:03:02 +0000, FreeBSD Security Advisories <security-adviso=
ries@freebsd.org> wrote:
>Systems with users or processors in different trust domains should disable
>Hyper-Threading by setting the machdep.hyperthreading_allowed tunable to 0:
>
># echo 'machdep.hyperthreading_allowed=3D0 >> /boot/loader.conf'
># shutdown

For maximum security, "shutdown -P now" would be better than a bare "shutdo=
wn".
I suspect "shutdown -r now" was intended here.

--=20
Peter Jeremy

--pf9I7BMVVzbSWLtt
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEE7rKYbDBnHnTmXCJ+FqWXoOSiCzQFAlzbzl5fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEVF
QjI5ODZDMzA2NzFFNzRFNjVDMjI3RTE2QTU5N0EwRTRBMjBCMzQACgkQFqWXoOSi
CzTcew/+M33D3nsKVYFTgGwKWN84i0SL4ASHg60tDDZa6O5ZIlI++iaFBJ7Q/4X6
b4i6Kj1FrU5ANJbHo95AP2lz9srMPgCixTFt0m67bwAxlhBBcKG1sUNWIuZT3d9C
SwwXzq2O7GREuKWa2se/Wylrt4lKOrJMYaABO0PY5SqD3OyWzATfYOm867W0GQlv
nNlauUneoLoRUeeu03hTBeSsvA3u/BVSMk/CY+l8EPAl0g8WTNaxE2jyuZWecv75
ERAk5RlYzyunYN22ycWDKsrm/aFXG0eNiu0S8Wgt/MBulLYW3TrhbrQZk7FHrAE5
TTm/Uc4tBgQIWA0e8C4rLc0zXo2OZ6iGJrwxWhirjsxkZ1FXZLRVnOQcvLGtUdrI
Tatziu+Bnt4MNCRoAVnxMWx8+/08seaWPT4E1zAavnCDH69pfSzN+WQ/jMytWDoH
aJ6y+FMOym+378FelQMDBQLb4KMh5DvBlPNYGGFzeiBSktTvdME2VlAo7X0gmxoT
cbH1XotCUmNQkhVH1ir/187ztLVH8qm3LRUri/uuqIvlmr+Oxtkml8Lz8KsZ+Sc6
mZvs3GhwTE9A2Qa+uidN+Rh+XObvSsmlcS8rUGwPKtRIH5pWm3K+qFwW6M8T9NvQ
RMl3OlWu8Rmj/8ea1MYMhigyXncY99Wm5kWxsQdnICIF2OIhrOM=
=9SsJ
-----END PGP SIGNATURE-----

--pf9I7BMVVzbSWLtt--