[qubes-users] Re: Is Qubes effected by the Intel kernel memory leaking bug?
On Wednesday, 3 January 2018 12:55:54 UTC+1, stephen...@gmail.com wrote: > https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/ > > http://pythonsweetness.tumblr.com/post/169166980422/the-mysterious-case-of-the-linux-page-table > > It seems as if Linux countermeasures will involve a significant rewrite aka. > FUCKWIT. > > Is this perhaps why there is no final 4.0 release? Some news from rootkovska via Twatter: Re the #Meltdown/#Spectre attacks: 1. Practical impact on Qubes is unclear to us ATM, 2. No advanced info has been shared with us on Xen predisclosure list, so we've had no time to evaluate yet, 3. Xen published XSA 254 unexpectedly last night, 4. Xen offers no patches ATM... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/dd9731dc-f8f9-4f9d-aa11-e43d16cfdfe4%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Is Qubes effected by the Intel kernel memory leaking bug?
On Wednesday, 3 January 2018 12:55:54 UTC+1, stephen...@gmail.com wrote: > https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/ > > http://pythonsweetness.tumblr.com/post/169166980422/the-mysterious-case-of-the-linux-page-table > > It seems as if Linux countermeasures will involve a significant rewrite aka. > FUCKWIT. > > Is this perhaps why there is no final 4.0 release? Redhat has now posted speculative execution mitigation patches. I've no idea to what extent they fix all possible Spectre-like side-channel attacks. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f328aa39-720b-4ddf-9efd-a43ba5660c2a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Is Qubes effected by the Intel kernel memory leaking bug?
On Wednesday, 3 January 2018 12:55:54 UTC+1, stephen...@gmail.com wrote: > https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/ > > http://pythonsweetness.tumblr.com/post/169166980422/the-mysterious-case-of-the-linux-page-table > > It seems as if Linux countermeasures will involve a significant rewrite aka. > FUCKWIT. > > Is this perhaps why there is no final 4.0 release? I guess the good news is that this debacle is going to force hardware designers and OS developers (including Qubes) to work together on minimising the chances chip-level bugs like this. Also Intel, AMD, ARM & Co. will be 'motivated' to pay attention to hardware virtualisation security issues. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/10abb949-fd99-4b81-bb1b-51d1309adcfc%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Is Qubes effected by the Intel kernel memory leaking bug?
On Thursday, 4 January 2018 09:56:44 UTC+1, stephen...@gmail.com wrote: > On Wednesday, 3 January 2018 12:55:54 UTC+1, stephen...@gmail.com wrote: > > https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/ > > > > http://pythonsweetness.tumblr.com/post/169166980422/the-mysterious-case-of-the-linux-page-table > > > > It seems as if Linux countermeasures will involve a significant rewrite > > aka. FUCKWIT. > > > > Is this perhaps why there is no final 4.0 release? > > There is a Xen fix available here, at least to the Meltdown manifestation to > the chip-makers SNAFU: > > https://xenbits.xen.org/xsa/advisory-254.html > > This I assume will be in the 4.0 release version of Qubes. > > The best explanation of the field that I can find is here: > https://www.theregister.co.uk/2018/01/04/intel_amd_arm_cpu_vulnerability/ > > Oder? Or at least the Meltdown (= SP3?) parts thereof. Against Spectre there is no known defence, which generally seems to break VM isolation against an attack. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0e64448c-b159-40c0-8a19-5c6d6bde8864%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Is Qubes effected by the Intel kernel memory leaking bug?
On Wednesday, 3 January 2018 12:55:54 UTC+1, stephen...@gmail.com wrote: > https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/ > > http://pythonsweetness.tumblr.com/post/169166980422/the-mysterious-case-of-the-linux-page-table > > It seems as if Linux countermeasures will involve a significant rewrite aka. > FUCKWIT. > > Is this perhaps why there is no final 4.0 release? There is a Xen fix available here, at least to the Meltdown manifestation to the chip-makers SNAFU: https://xenbits.xen.org/xsa/advisory-254.html This I assume will be in the 4.0 release version of Qubes. The best explanation of the field that I can find is here: https://www.theregister.co.uk/2018/01/04/intel_amd_arm_cpu_vulnerability/ Oder? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3bcfaab5-95c4-4a5c-b55f-bc4e8411a033%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.