Re: Is Fedora Linux protected against the Meltdown and Spectre security flaws?
On 02/20/2018 12:39 AM, Ed Greshko wrote: On 02/20/18 15:51, Paul Allen Newell wrote: In earlier email in this thread, you stated: Yes. As long as you don't have kernel modules which were built with a non-patched gcc. ls /sys/devices/system/cpu/vulnerabilities/* cat /sys/devices/system/cpu/vulnerabilities/* This file is new to me ... do you happen to know about when it was introduced and if there is any documentation on it (I couldn't find anything but I feel I was grasping in the dark as I must be missing something). Looking at the changelog for the kernel, my guess is that they were introduced around Jan 10 of this year. Maybe with the 4.14.13 kernel. I don't happen to have an earlier one running. Except for a Live image which is at 4.13.9 and they aren't there. I've not done, but probably should, look at the BZ reports noted in the changelog as well as the CVE reports. For example, the changelog has... * Wed Jan 10 2018 Justin M. Forbes- 4.14.13-300 - Linux v4.14.13 - Iniital retpoline fixes for Spectre v2 From what I can tell in this thread, this is a good new addition I would say so. Ed: Thanks for reply. Your answer is what I need to know ... it is a very recent addition (which helps explain why I haven't heard of it (smile)). I hadn't gotten far enough to figure out that the kernel is what I should be looking at Best, Paul ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: Is Fedora Linux protected against the Meltdown and Spectre security flaws?
On 02/20/18 15:51, Paul Allen Newell wrote: > In earlier email in this thread, you stated: > > Yes. As long as you don't have kernel modules which were built with a > non-patched gcc. > > ls /sys/devices/system/cpu/vulnerabilities/* > > cat /sys/devices/system/cpu/vulnerabilities/* > > This file is new to me ... do you happen to know about when it was introduced > and > if there is any documentation on it (I couldn't find anything but I feel I was > grasping in the dark as I must be missing something). Looking at the changelog for the kernel, my guess is that they were introduced around Jan 10 of this year. Maybe with the 4.14.13 kernel. I don't happen to have an earlier one running. Except for a Live image which is at 4.13.9 and they aren't there. I've not done, but probably should, look at the BZ reports noted in the changelog as well as the CVE reports. For example, the changelog has... * Wed Jan 10 2018 Justin M. Forbes- 4.14.13-300 - Linux v4.14.13 - Iniital retpoline fixes for Spectre v2 > > From what I can tell in this thread, this is a good new addition I would say so. -- A motto of mine is: When in doubt, try it out signature.asc Description: OpenPGP digital signature ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: Is Fedora Linux protected against the Meltdown and Spectre security flaws?
On 02/19/2018 06:04 AM, Ed Greshko wrote: On 02/19/18 21:51, Ranjan Maitra wrote: What do these mean, and what is the needed mitigation, if any? Basically, it means that everything that can currently be done to lessen the chances of a security breach is being done. Otherwise you may see something like... Mitigation: Full generic retpoline - vulnerable module loaded Ed: In earlier email in this thread, you stated: Yes. As long as you don't have kernel modules which were built with a non-patched gcc. ls /sys/devices/system/cpu/vulnerabilities/* cat /sys/devices/system/cpu/vulnerabilities/* This file is new to me ... do you happen to know about when it was introduced and if there is any documentation on it (I couldn't find anything but I feel I was grasping in the dark as I must be missing something). From what I can tell in this thread, this is a good new addition Best, Paul ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: Is Fedora Linux protected against the Meltdown and Spectre security flaws?
On Mon, 19 Feb 2018 22:04:41 +0800 Ed Greshkowrote: > On 02/19/18 21:51, Ranjan Maitra wrote: > > What do these mean, and what is the needed mitigation, if any? > > > Basically, it means that everything that can currently be done to lessen the > chances > of a security breach is being done. > > Otherwise you may see something like... > > Mitigation: Full generic retpoline - vulnerable module loaded > I see, so I guess that I am missing the additional words that would be concerning then: $ cat /sys/devices/system/cpu/vulnerabilities/* Mitigation: PTI Mitigation: __user pointer sanitization Mitigation: Full generic retpoline Thanks! Ranjan > -- > A motto of mine is: When in doubt, try it out > -- Important Notice: This mailbox is ignored: e-mails are set to be deleted on receipt. Please respond to the mailing list if appropriate. For those needing to send personal or professional e-mail, please use appropriate addresses. ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: Is Fedora Linux protected against the Meltdown and Spectre security flaws?
On 02/19/18 21:51, Ranjan Maitra wrote: > What do these mean, and what is the needed mitigation, if any? Basically, it means that everything that can currently be done to lessen the chances of a security breach is being done. Otherwise you may see something like... Mitigation: Full generic retpoline - vulnerable module loaded -- A motto of mine is: When in doubt, try it out signature.asc Description: OpenPGP digital signature ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: Is Fedora Linux protected against the Meltdown and Spectre security flaws?
Mine are stock Fedora kernels, updated to the latest. On Mon, 19 Feb 2018 21:44:09 +0800 Ed Greshkowrote: > On 02/19/18 20:14, Turritopsis Dohrnii Teo En Ming wrote: > > What are the patches that I can download and install to be protected > > against the Meltdown and Spectre security vulnerabilities? > > (Resend to List, oops) > > Yes. As long as you don't have kernel modules which were built with a > non-patched gcc. > > ls /sys/devices/system/cpu/vulnerabilities/* I get: sys/devices/system/cpu/vulnerabilities/meltdown /sys/devices/system/cpu/vulnerabilities/spectre_v1 /sys/devices/system/cpu/vulnerabilities/spectre_v2 > cat /sys/devices/system/cpu/vulnerabilities/* I get: Mitigation: PTI Mitigation: __user pointer sanitization Mitigation: Full generic retpoline What do these mean, and what is the needed mitigation, if any? Many thanks and best wishes, Ranjan ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: Is Fedora Linux protected against the Meltdown and Spectre security flaws?
On 02/19/18 20:14, Turritopsis Dohrnii Teo En Ming wrote: > What are the patches that I can download and install to be protected > against the Meltdown and Spectre security vulnerabilities? (Resend to List, oops) Yes. As long as you don't have kernel modules which were built with a non-patched gcc. ls /sys/devices/system/cpu/vulnerabilities/* cat /sys/devices/system/cpu/vulnerabilities/* -- A motto of mine is: When in doubt, try it out signature.asc Description: OpenPGP digital signature ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org