On 02/02/18 13:19, Mick wrote:
> Anyway, as I understand it, we'll have to wait for gcc-8.1 in March, which
> utilises 'gcc -mindirect-branch=thunk-extern' to get the benefit of the
> retpoline kernel patch.
No. You get that with GCC 7.3 already, which is in portage now.
However, improvements to
On Wednesday, 31 January 2018 12:20:51 GMT Nikos Chantziaras wrote:
> On 31/01/18 14:04, Mick wrote:
> > Just to dilute my confusion on what I should do to keep desktops safe(r),
> > would someone please clarify:
> >
> > Is it necessary to keyword gcc 7.3 + kernel 4.15 and emerge kernel 4.15
> >
On Wed, Jan 31, 2018 at 7:07 AM, Nikos Chantziaras wrote:
>
> I was under the impression that it's the function that performs the call
> that needs protection. The called function doesn't need protection, because
> if it ends up being actually called, then it's too late already.
On Wed, Jan 31, 2018 at 4:16 AM, Nikos Chantziaras wrote:
> On 30/01/18 23:43, Rich Freeman wrote:
>>
>> If you had some program that listened on a socket and accepted a
>> length and a string and then did a bounds check using the length, it
>> might be exploitable if a local
Nikos Chantziaras wrote:
>
> For example, if you don't trust Firefox, don't install Firefox. But you
> *do* trust Firefox. What you don't trust is the JS code Firefox is
> executing.
That's an artificial distinction, because it is actually firefox
which is executing the code
On 31/01/18 14:04, Mick wrote:
> Just to dilute my confusion on what I should do to keep desktops safe(r),
> would someone please clarify:
> Is it necessary to keyword gcc 7.3 + kernel 4.15 and emerge kernel 4.15 with
> gcc 7.3, or wait until these versions have been stabilised in the tree?
> What gcc
On 31/01/18 13:17, Martin Vaeth wrote:
> Nikos Chantziaras wrote:
>> Well, if you're running a local process that is trying to attack you,
>> you've been compromised already, imo.
> By your definition, you are compromised if you surf to the
> wrong webpage with enabled javascript.
On Wednesday, 31 January 2018 11:30:13 GMT Martin Vaeth wrote:
> Nikos Chantziaras wrote:
> > Yeah, that's the kind of software that benefits from the Spectre
> > mitigation patches. Like browsers, virtualization or emulation software,
> > the kernel, etc.
>
> No. It's software
Nikos Chantziaras wrote:
> Yeah, that's the kind of software that benefits from the Spectre
> mitigation patches. Like browsers, virtualization or emulation software,
> the kernel, etc.
No. It's software like gnupg, encfs, openssl and all the libraries they
use (glibc, glib, X
Nikos Chantziaras wrote:
>
> Well, if you're running a local process that is trying to attack you,
> you've been compromised already, imo.
By your definition, you are compromised if you surf to the
wrong webpage with enabled javascript.
While this is arguably true, I would
On 31/01/18 11:48, taii...@gmx.com wrote:
> On 01/31/2018 04:16 AM, Nikos Chantziaras wrote:
>> On 30/01/18 23:43, Rich Freeman wrote:
>>> If you had some program that listened on a socket and accepted a
>>> length and a string and then did a bounds check using the length, it
>>> might be exploitable if a
On 01/31/2018 04:16 AM, Nikos Chantziaras wrote:
> On 30/01/18 23:43, Rich Freeman wrote:
>> If you had some program that listened on a socket and accepted a
>> length and a string and then did a bounds check using the length, it
>> might be exploitable if a local process could feed it data. Even if
>> the
On 30/01/18 23:43, Rich Freeman wrote:
> If you had some program that listened on a socket and accepted a
> length and a string and then did a bounds check using the length, it
> might be exploitable if a local process could feed it data. Even if
> the process only listened for outside connections it
On Mon, Jan 29, 2018 at 11:35 PM, Nikos Chantziaras wrote:
> On 30/01/18 00:36, Henry Kohli wrote:
>>
>> Would it be useful to do an emerge -e @world with the new GCC 7.3 ?
>
> These flags are for *affected* applications only. That means applications
> that: a) run third-party
On 2018-01-29 20:35, Alexander Kapshuk wrote:
> To compile the kernel with a different compiler, the method shown
> below may be used, e.g.:
> make CC=clang
Unfortunately, this has the annoying side effect that kconfig forces a
full reconfiguration, asking every question. Maybe there is a way
On 30/01/18 00:36, Henry Kohli wrote:
> Would it be useful to do an emerge -e @world with the new GCC 7.3 ?
No. Unless there's a bug involved that would require a rebuild. There
doesn't seem to be such bug.
> If yes, should we add /-mindirect-branch/, /-mindirect-branch-loop/,
On Mon, Jan 29, 2018 at 1:56 PM, Mick wrote:
> On Monday, 29 January 2018 18:35:58 GMT Mike Gilbert wrote:
>> On Mon, Jan 29, 2018 at 12:50 PM, Ian Zimmerman wrote:
>> > On 2018-01-29 20:11, Adam Carter wrote:
>> >> Comparing the contents of
>>
On Monday, 29 January 2018 18:35:58 GMT Mike Gilbert wrote:
> On Mon, Jan 29, 2018 at 12:50 PM, Ian Zimmerman wrote:
> > On 2018-01-29 20:11, Adam Carter wrote:
> >> Comparing the contents of
> >> /sys/devices/system/cpu/vulnerabilities/spectre_v2
> >>
> >> With gcc 7.2 +
On Mon, Jan 29, 2018 at 12:50 PM, Ian Zimmerman wrote:
> On 2018-01-29 20:11, Adam Carter wrote:
>
>> Comparing the contents of /sys/devices/system/cpu/vulnerabilities/spectre_v2
>>
>> With gcc 7.2 + kernel 4.14.15;
>> Intel system shows; Vulnerable: Minimal generic ASM
On Mon, Jan 29, 2018 at 7:50 PM, Ian Zimmerman wrote:
> On 2018-01-29 20:11, Adam Carter wrote:
>
>> Comparing the contents of /sys/devices/system/cpu/vulnerabilities/spectre_v2
>>
>> With gcc 7.2 + kernel 4.14.15;
>> Intel system shows; Vulnerable: Minimal generic ASM
On 2018-01-29 20:11, Adam Carter wrote:
> Comparing the contents of /sys/devices/system/cpu/vulnerabilities/spectre_v2
>
> With gcc 7.2 + kernel 4.14.15;
> Intel system shows; Vulnerable: Minimal generic ASM retpoline
> AMD system shows: Vulnerable: Minimal AMD ASM retpoline
>
> With gcc 7.3 +