From owner-freebsd-security@freebsd.org Fri Jan 5 14:55:36 2018 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 65A95EADBCD for ; Fri, 5 Jan 2018 14:55:36 +0000 (UTC) (envelope-from cbergstrom@pathscale.com) Received: from mail-qt0-x22e.google.com (mail-qt0-x22e.google.com [IPv6:2607:f8b0:400d:c0d::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 188456C89C for ; Fri, 5 Jan 2018 14:55:36 +0000 (UTC) (envelope-from cbergstrom@pathscale.com) Received: by mail-qt0-x22e.google.com with SMTP id e2so5969010qti.0 for ; Fri, 05 Jan 2018 06:55:36 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pathscale-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=4PD0Zfi+So7k9EVdvPlqubBSbdOt7U6U7UmHZ4hrJJQ=; b=Xokg4wOEZfSx4nOCr2bW8OeUDcNsk4cP12sEOsQAMNhZt1HkGLLCMO4PYiRIoxAqjH +xGX4uTdMHxAcrR14EBws2oSYKjXKLDbtTZxVk4psFepbUO+RMf9Sc/LAoMqAlU2qSsy OGxeD4DHh1X+BqNW7My7kk08sMfVwA5IBPI80CEPaJ/LSQAra1/m03feM12mpuFKLPLs NmxWmf4ylUUQVXGqN279GMFhc3EztWR6CP/Ir8xEO4tql/TRWgupmOgYmJbwIWkcBSBl +iFOPm+2CziRbPDQalaTxnDcbmvTbuzktUpCymeK7pgFdvrIeiQRJsV3rnKjXiasaFwp QdQQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=4PD0Zfi+So7k9EVdvPlqubBSbdOt7U6U7UmHZ4hrJJQ=; b=C2Euf3rvxZjdmJvP5FzrXhYdjdyGpVdINzHdpc+ZUYVOT4qeuothnxGyvE/Uin5vfs ZNgxcBc++fjQa1qdmJ4h4I+o9gkm//L+SC7t8Tz+HvtqNOdCMLRi8BIoPqT5kTvNW26l 3iD9uOzPjUkccvXMoDqYxnxHOGuDypFCV+zfcWaKwUyIjWigguLqIqXoKT4fjckB57sO DyOFAsnZ984kdv8gzYNMWPSyvX5gymbUNZPiXTZkcjn1QYjKzSvi7deUzyJN5xh8QI6L tKrRklgCYViigT0amnzGt1cxT/b1/aWS8Pf/zGs/7Q8gv8/z14lT3XYF78tyJbOju+eD 4qog== X-Gm-Message-State: AKwxytddCo7KJ6sCKIrTamwXFtRbUSYVUu9C4SxBx1vZtzF3N6NcCc6L oWKWQe+D9rbrghM7mgGAqukkb/EKwIbdsz67mAKlFA== X-Google-Smtp-Source: ACJfBouxeRPh4iDo+U5erDZNZHzWjCcih60x2pDe8UTfSk98drVvsV41tDpZAWQkpTHCPThKblkQWFpVHO6ZMuR8MSQ= X-Received: by 10.237.33.154 with SMTP id l26mr4553016qtc.100.1515164135206; Fri, 05 Jan 2018 06:55:35 -0800 (PST) MIME-Version: 1.0 Received: by 10.12.210.3 with HTTP; Fri, 5 Jan 2018 06:55:14 -0800 (PST) X-Originating-IP: [202.83.99.25] In-Reply-To: <250f3a77-822b-fba5-dcd7-758dfec94554@metricspace.net> References: <736a2b77-d4a0-b03f-8a6b-6a717f5744d4@metricspace.net> <2594.1515141192@segfault.tristatelogic.com> <809675000.867372.1515146821354@mail.yahoo.com> <250f3a77-822b-fba5-dcd7-758dfec94554@metricspace.net> From: =?UTF-8?B?QyBCZXJnc3Ryw7Zt?= Date: Fri, 5 Jan 2018 22:55:14 +0800 Message-ID: Subject: Re: Intel hardware bug To: Eric McCorkle Cc: Jules Gilbert , "Ronald F. Guilmette" , Freebsd Security , Brett Glass , =?UTF-8?Q?Dag=2DErling_Sm=C3=B8rgrav?= , Poul-Henning Kamp , "freebsd-arch@freebsd.org" , FreeBSD Hackers , Shawn Webb , Nathan Whitehorn X-Mailman-Approved-At: Fri, 05 Jan 2018 15:56:33 +0000 Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.25 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 Jan 2018 14:55:36 -0000 On Fri, Jan 5, 2018 at 8:42 PM, Eric McCorkle wrote: > On 01/05/2018 05:07, Jules Gilbert wrote: > > Sorry guys, you just convinced me that no one, not the NSA, not the FSB, > > no one!, has in the past, or will in the future be able to exploit this > > to actually do something not nice. > > Attacks have already been demonstrated, pulling secrets out of kernel > space with meltdown and http headers/passwords out of a browser with > spectre. Javascript PoCs are already in existence, and we can expect > them to find their way into adware-based malware within a week or two. > > Also, I'd be willing to bet you a year's rent that certain three-letter > organizations have known about and used this for some time. > > > So what is this, really?, it's a market exploit opportunity for AMD. > > Don't bet on it. There's reports of AMD vulnerabilities, also for ARM. > I doubt any major architecture is going to make it out unscathed. (But > if one does, my money's on Power) > Nope, the only arch that I'm aware of that gets past this is SPARC(hah!) due to the seperate userland and kernel memory virtualization.