Date: Fri, 5 Jan 2018 13:51:24 -0500
From: "Cameron, Frank J"
To: freebsd-security@freebsd.org
Subject: Re: Intel hardware bug
Message-ID: <20180105185124.GF11964@linux116.ctc.com>

Eric McCorkle wrote:
> On 01/05/2018 11:40, Nathan Whitehorn wrote:
> > POWER has the same thing. It's actually stronger separation, since user
> > processes don't share addresses either -- all processes, including the
> > kernel, have windowed access to an 80-bit address space, so no process
> > can even describe an address in another process's address space. There
> > are ways, of course, in which IBM could have messed up the
> > implementation, so the fact that it *should* be secure does not mean it
> > *is*.
>
> That's interesting, as it conflicts with Red Hat's vulnerability
> disclosure. Is that because the silicon is buggy, or because Linux
> somehow ends up being vulnerable when it need not be?

"Complete mitigation of this vulnerability for Power Systems clients involves
installing patches to both system firmware and operating systems. The firmware
patch provides partial remediation to this vulnerability and is a pre-requisite
for the OS patch to be effective."

https://www.ibm.com/blogs/psirt/potential-impact-processors-power-family/