subject:"CVE\-2018\-8897"

Re: CVE-2018-8897

2018-05-11 Thread IL Ka

>
>
>> Then how do they implement memory watch?
>>
>
> Got me, but even the ancient, in-tree gdb is able to do so.  Have you
> consulted the gdb source?
>

I read gdb sources and found an asnwer,  but later I read docs and here it
is:
https://sourceware.org/gdb/onlinedocs/gdb/Set-Watchpoints.html

"Depending on your system, watchpoints may be implemented in software or
hardware.
GDB does software watchpointing by single-stepping your program and testing
the variable’s value each time,
which is hundreds of times slower than normal execution. "

For bsd, configure script checks GETDBREGS in ptrace.h. It exists in
freebsd but not in openbsd.
Then, "target_can_use_hardware_watchpoint" returns 0, and
"breakpoint.c" checks it, and switches to software watchpoints.
Same happens when debug registers are full even on linux, I assume.

Re: CVE-2018-8897

2018-05-11 Thread jungle Boogie

On 5:58PM, Thu, May 10, 2018 Theo de Raadt  wrote:
>
> >Dare I ask what lead to OpenBSD not being affected.
> >
> >Sorry if it is a dumb question but since this hit FreeBSD as well I am
> >wondering
> >what OpenBSD did differently.
> >
> >Was this caught in an audit?
> >
> >I am just curious about causality that kept OpenBSD in the clear of this
one
> >that made such headlines yesterday.
>
>
> We didn't chase the fad of using every Intel cpu feature.
>

Once again, the puffer protects us again - secure by default.

Re: CVE-2018-8897

2018-05-11 Thread Bogdan Kulbida

I guess this is the main reason why we all love OpenBSD and an idea and a 
philosophy (and people) behind this great OS!

- Bogdan

> On May 11, 2018, at 6:49 AM, andrew fabbro  wrote:
> 
> "A statement...was mishandled in the development of some or all
> operating-system kernels..."
> 
> I think it's really "some" and the reason it's "some" and not "all" is
> OpenBSD.
> 
> On Thu, May 10, 2018 at 9:51 PM, John Long  wrote:
> 
>> On Thu, 2018-05-10 at 18:54 -0600, Theo de Raadt wrote:
 Dare I ask what lead to OpenBSD not being affected.
 
 Sorry if it is a dumb question but since this hit FreeBSD as well I
 am
 wondering
 what OpenBSD did differently.
 
 Was this caught in an audit?
 
 I am just curious about causality that kept OpenBSD in the clear of
 this one
 that made such headlines yesterday.
>>> 
>>> 
>>> We didn't chase the fad of using every Intel cpu feature.
>> 
>> This goes into the achive! Thank you for the slice of sanity in an
>> insane word.
>> 
>> /jl
>> 
>> 
> 
> 
> -- 
> andrew fabbro
> and...@fabbro.org

Re: CVE-2018-8897

2018-05-11 Thread andrew fabbro

"A statement...was mishandled in the development of some or all
operating-system kernels..."

I think it's really "some" and the reason it's "some" and not "all" is
OpenBSD.

On Thu, May 10, 2018 at 9:51 PM, John Long  wrote:

> On Thu, 2018-05-10 at 18:54 -0600, Theo de Raadt wrote:
> > > Dare I ask what lead to OpenBSD not being affected.
> > >
> > > Sorry if it is a dumb question but since this hit FreeBSD as well I
> > > am
> > > wondering
> > > what OpenBSD did differently.
> > >
> > > Was this caught in an audit?
> > >
> > > I am just curious about causality that kept OpenBSD in the clear of
> > > this one
> > > that made such headlines yesterday.
> >
> >
> > We didn't chase the fad of using every Intel cpu feature.
>
> This goes into the achive! Thank you for the slice of sanity in an
> insane word.
>
> /jl
>
>


-- 
andrew fabbro
and...@fabbro.org

Re: CVE-2018-8897

2018-05-11 Thread John Long

On Thu, 2018-05-10 at 18:54 -0600, Theo de Raadt wrote:
> > Dare I ask what lead to OpenBSD not being affected.
> > 
> > Sorry if it is a dumb question but since this hit FreeBSD as well I
> > am
> > wondering
> > what OpenBSD did differently.
> > 
> > Was this caught in an audit?
> > 
> > I am just curious about causality that kept OpenBSD in the clear of
> > this one
> > that made such headlines yesterday.
> 
> 
> We didn't chase the fad of using every Intel cpu feature.

This goes into the achive! Thank you for the slice of sanity in an
insane word.

/jl

Re: CVE-2018-8897

2018-05-10 Thread Philip Guenther

On Thu, May 10, 2018 at 5:06 PM, IL Ka  wrote:
>
> >> OpenBSD does not allow userspace to access the hardware debug registers.
>
> Does it mean that gdb and other debuggers can't use hardware breakpoints?
>

Correct: gdb is a userspace program, so it can't set hardware breakpoints
on x86.

(I don't know whether hardware breakpoints are supported on any of the
other CPUs supported by OpenBSD)

> Then how do they implement memory watch?
>

Got me, but even the ancient, in-tree gdb is able to do so.  Have you
consulted the gdb source?

Philip Guenther

Re: CVE-2018-8897

2018-05-10 Thread Theo de Raadt

>Dare I ask what lead to OpenBSD not being affected.
>
>Sorry if it is a dumb question but since this hit FreeBSD as well I am
>wondering
>what OpenBSD did differently.
>
>Was this caught in an audit?
>
>I am just curious about causality that kept OpenBSD in the clear of this one
>that made such headlines yesterday.


We didn't chase the fad of using every Intel cpu feature.

Re: CVE-2018-8897

2018-05-10 Thread Ken M

Thank you. After many of the things I have read about OpenBSD being "overhyped"
online I thought this was a real interesting case that most of the industry gets
slapped with this the other day and OpenBSD is all fine and dandy.

I am glad to get the quantification as to why.

Ken

On Thu, May 10, 2018 at 03:54:01PM -0700, Mike Larkin wrote:
> On Thu, May 10, 2018 at 03:41:59PM +, Ken MacKenzie wrote:
> > Dare I ask what lead to OpenBSD not being affected.
> > 
> > Sorry if it is a dumb question but since this hit FreeBSD as well I am
> > wondering
> > what OpenBSD did differently.
> > 
> > Was this caught in an audit?
> > 
> > I am just curious about causality that kept OpenBSD in the clear of this one
> > that made such headlines yesterday.
> > 
> > Ken
> > 
> 
> OpenBSD does not allow userspace to access the hardware debug registers.
> 
> -ml
> 
> > On Thu, May 10, 2018 at 07:39:28AM -0700, Mike Larkin wrote:
> > > On Thu, May 10, 2018 at 10:22:48AM -0400, Predrag Punosevac wrote:
> > > > Does this
> > > >
> > > > https://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2018-8897
> > > >
> > > > affect 6.3 stable?
> > > >
> > > > Best,
> > > > Predrag
> > > >
> > >
> > > OpenBSD is not affected.
> > >
> > > -ml
> > >

Re: CVE-2018-8897

2018-05-10 Thread IL Ka

Hello Mike,

>> OpenBSD does not allow userspace to access the hardware debug registers.

Does it mean that gdb and other debuggers can't use hardware breakpoints?
Then how do they implement memory watch?

AFAIK in other OSes they modify DR* registers using ptrace(2),
but "struct reg” from  used by PT_SETREGS  ptrace(2)
does not have field for "dr" registers.

Thanks in advance.
Ilya.

Re: CVE-2018-8897

2018-05-10 Thread Mike Larkin

On Thu, May 10, 2018 at 03:41:59PM +, Ken MacKenzie wrote:
> Dare I ask what lead to OpenBSD not being affected.
> 
> Sorry if it is a dumb question but since this hit FreeBSD as well I am
> wondering
> what OpenBSD did differently.
> 
> Was this caught in an audit?
> 
> I am just curious about causality that kept OpenBSD in the clear of this one
> that made such headlines yesterday.
> 
> Ken
> 

OpenBSD does not allow userspace to access the hardware debug registers.

-ml

> On Thu, May 10, 2018 at 07:39:28AM -0700, Mike Larkin wrote:
> > On Thu, May 10, 2018 at 10:22:48AM -0400, Predrag Punosevac wrote:
> > > Does this
> > >
> > > https://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2018-8897
> > >
> > > affect 6.3 stable?
> > >
> > > Best,
> > > Predrag
> > >
> >
> > OpenBSD is not affected.
> >
> > -ml
> >

Re: CVE-2018-8897

2018-05-10 Thread Ken MacKenzie

Dare I ask what lead to OpenBSD not being affected.

Sorry if it is a dumb question but since this hit FreeBSD as well I am
wondering
what OpenBSD did differently.

Was this caught in an audit?

I am just curious about causality that kept OpenBSD in the clear of this one
that made such headlines yesterday.

Ken

On Thu, May 10, 2018 at 07:39:28AM -0700, Mike Larkin wrote:
> On Thu, May 10, 2018 at 10:22:48AM -0400, Predrag Punosevac wrote:
> > Does this
> >
> > https://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2018-8897
> >
> > affect 6.3 stable?
> >
> > Best,
> > Predrag
> >
>
> OpenBSD is not affected.
>
> -ml
>

Re: CVE-2018-8897

2018-05-10 Thread Mike Larkin

On Thu, May 10, 2018 at 10:22:48AM -0400, Predrag Punosevac wrote:
> Does this
> 
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2018-8897
> 
> affect 6.3 stable?
> 
> Best,
> Predrag
> 

OpenBSD is not affected.

-ml

CVE-2018-8897

2018-05-10 Thread Predrag Punosevac

Does this

https://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2018-8897

affect 6.3 stable?

Best,
Predrag

Re: CVE-2018-8897

Re: CVE-2018-8897

Re: CVE-2018-8897

Re: CVE-2018-8897

Re: CVE-2018-8897

Re: CVE-2018-8897

Re: CVE-2018-8897

Re: CVE-2018-8897

Re: CVE-2018-8897

Re: CVE-2018-8897

Re: CVE-2018-8897

Re: CVE-2018-8897

CVE-2018-8897

13 matches

Site Navigation

Mail list logo

Footer information