I’m sorry but if you really care about security you have to read the advisory and stop assuming things.
For every complaint why this is disabled by default, there will 10 complaints why it was enabled by default and broke things. Having said this, I could see the benefit of reporting the fact that a certain security measure is disabled in the daily security reports, hoping someone reads it together with the executables that suddenly have been setuid for root. Peter > On 10 Jul 2019, at 18:37, Kevin via freebsd-security > <freebsd-security@freebsd.org> wrote: > > Hello list. I am reading this page about FreeBSD security [ > https://vez.mrsk.me/freebsd-defaults.html ] and it says the Intel MDS > mitigation is off by default. So I tried. > > % sysctl hw.mds_disable_state > hw.mds_disable_state: inactive > > Now I see the instructions in the advisory, but what about anyone who didn't? > Or who did a new install and didn't read past advisories? > > I have an Intel CPU that is vulnerable. By applying the update and installing > the microcode package, I thought I was safe. > > Why? Why does FreeBSD let its users be vulnerable? > _______________________________________________ > freebsd-security@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org" _______________________________________________ freebsd-security@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
