OpenBSD Journal

Response to the "Meltdown" Vulnerability

Contributed by rueda on from the moronoculture dept.

A message to tech@ from Philip Guenther (guenther@) provides the first public information from developers regarding the OpenBSD response to the recently announced CPU vulnerabilities:

So, yes, we the OpenBSD developers are not totally asleep and a handful of
us are working out how to deal with Intel's fuck-up aka the Meltdown
attack.  While we have the advantage of less complexity in this area (e.g.,
no 32bit-on-64bit compat), there's still a pile of details to work through
about what has to be *always* in the page tables vs what can/should/must be
hidden.

Read it and weep…

(Comments are closed)


Comments
  1. By Noryungi (noryungi) noryungi@yahoo.com on

    To me, the "money quote" from the above mail was the following:

    "We have received *no* non-public information. I've seen posts elsewhere by other *BSD people implying that they receive little or no prior warning, so I have no reason to believe this was specific to OpenBSD and/or our philosophy."

    Let that sink in for a moment: none of the BSDs has been warned in advance. None. The only people to get information are Microsoft, Apple and probably Red Hat and other largish Linux distros... Even though Intel knew of these flaws since June 2017.

    OpenBSD devs only got information because of the noise on the Linux Kernel mailing lists. This is a disgusting and irresponsible attitude from the people at Intel and other companies.

    Is this how "minority" operating systems are going to be treated in the future? I hope not.

    By the way, Matthew Dillon of DragonflyBSD had some choice words for Intel : http://lists.dragonflybsd.org/pipermail/users/2018-January/313758.html

    Comments
    1. By Bobby Foster (babymild) bobbyjamesfosterforums@gmail.com on

      interesting timeline for Ubuntu here: https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown?_ga=2.256521547.1351854662.1515382986-1697653471.1514323332

Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]