A Global Switch To Kill Linux's CPU Spectre/Meltdown Workarounds?


  • HenryM
    replied
    I've got some weird numbers to report... disabling protections does seem to make CPU-bound situations in CS:GO run a bit faster, maybe 3-10%, but CPU performance is more significantly affected by how I interact with GRUB, regardless of boot options...

    when I use the arrow keys and enter key to select a boot option, in-game CPU performance suffers (say 200 FPS vs 250 or more), while letting it boot without input, or pressing "e" to edit boot options and then booting with "f10" is fine, whether or not anything was changed.

    I tested repeatedly with a variety of options, and results were very consistent. protection status was checked each time in terminal.

    EDIT: Antergos/Arch, I5-4570, AMD graphics. 4.14, 4.18, 4.18-zen tested.
    Last edited by HenryM; 26 August 2018, 11:29 PM.
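
Added example, not part of HenryM's post or of the thread: one way to check protection status from a terminal is to read the per-issue files the kernel exposes under `/sys/devices/system/cpu/vulnerabilities`. The function names and the sample directory below are constructed for illustration.

```shell
#!/bin/sh
# Summarise the kernel's own report of CPU vulnerability status.
VULN_DIR_DEFAULT=/sys/devices/system/cpu/vulnerabilities

# classify_status "<first line of a sysfs file>" -> one keyword on stdout.
# Any capitalised "Vulnerable" wins, so a partially mitigated entry is
# reported conservatively as vulnerable.
classify_status() {
    case "$1" in
        "Not affected"*) echo not-affected ;;
        *Vulnerable*)    echo vulnerable ;;
        *Mitigation:*)   echo mitigated ;;
        *)               echo unknown ;;
    esac
}

# report_mitigations [dir] -> one "name state detail" line per entry.
# Returns 1 if any entry is vulnerable, 2 if the directory is missing
# (older kernels without the sysfs interface), 0 otherwise.
report_mitigations() {
    dir=${1:-$VULN_DIR_DEFAULT}
    [ -d "$dir" ] || { echo "no vulnerabilities directory at $dir" >&2; return 2; }
    rc=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        IFS= read -r line < "$f" || true
        state=$(classify_status "$line")
        [ "$state" = vulnerable ] && rc=1
        printf '%s %s %s\n' "${f##*/}" "$state" "$line"
    done
    return $rc
}

# make_sample -> path of a temporary directory holding constructed sample
# files, so the report can be exercised without touching the live system.
make_sample() {
    s=$(mktemp -d) || return 1
    printf 'Mitigation: PTI\n' > "$s/meltdown"
    printf 'Mitigation: __user pointer sanitization\n' > "$s/spectre_v1"
    printf 'Vulnerable\n' > "$s/spectre_v2"
    printf 'Not affected\n' > "$s/l1tf"
    echo "$s"
}

# Usage on a live system: report_mitigations
```

The non-zero return code makes the check usable in a boot-time or monitoring script that should flag a machine whenever any entry reads as vulnerable.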


  • Djhg2000
    replied
    Originally posted by birdie
    Tell me how you are going to attack a rendering farm exactly. It usually has an SSH port open and nothing else. And tell me again, how spectre/meltdown-like exploits can be pushed onto the said farm. There are quite a lot of alternatively gifted people in this thread who believe they are world experts in security.
    I can't tell you exactly because I'm not a hacker. But even if I were, you seriously believe I'd spill the beans trying to convince someone who keeps calling me an idiot? That said you are in a *nix oriented forum, the likelihood of crossing paths with an actual security researcher is substantially higher than on your average forum.

    Originally posted by birdie
    Meanwhile and let me repeat this again for the utmost idiots here: there are no known circulating in-the-wild viruses/exploits based on the Spectre/Meltdown vulnerabilities. The most talked about attack vector which is running JS in a web browser has long been resolved by both Firefox and Chrome. Meanwhile we also have zero JS based exploits in-the-wild.
    Yes there are. None of the known ones are doing anything useful with it, but they sure are trying. It's just a matter of time before they deploy working exploits.

    Example: https://searchsecurity.techtarget.co...ed-in-the-wild

    Originally posted by birdie
    These mitigations slow down billions of PCs (and ARM devices too) for no apparent reasons while a huge number of such devices cannot be exploited even theoretically.
    Then add those processors to the mitigation whitelist.

    Originally posted by birdie
    For the past eight months literally hundreds of other real vulnerabilities have been discovered which are indeed exploitable in practice, vs. the topic we are discussing.
    There are also bad admins out there. You still hear about breaches where the point of entry was a default admin password. But it still doesn't make speculative execution exploits go away.


  • birdie
    replied
    Originally posted by cybertraveler
    birdie - Keep calling people here idiots and see how many friends you make and how many polite discussions you enjoy.
    Too many people nowadays don't have the slightest clue about what they are talking about, yet they feel entitled to spell out their highly "valuable" opinion. On the contrary when I don't know shat about something I just keep my mouth shut or at least say something like, "I feel like", "What if" or something similar, however most people in this thread know nil about security yet that doesn't stop them from talking like they are experts in the field. Not only that's very pathetic, it's just plain stupid, thus I call them "idiots" because it's what they are.

    If you're offended by that, stop spewing shat - no one has asked you to open your mouth in the first place.

    Also, I prefer my friends to be intelligent or at the very least have some common sense which is all so rare nowadays. And no, I don't seek virtual friends among phoronix readers.
    Last edited by birdie; 27 August 2018, 04:15 AM.


  • cybertraveler
    replied
    birdie - Keep calling people here idiots and see how many friends you make and how many polite discussions you enjoy.


  • birdie
    replied
    Originally posted by Djhg2000
    Mining power, persistent network entry points and/or login credentials would be three of the blatantly obvious answers.
    Tell me how you are going to attack a rendering farm exactly. It usually has an SSH port open and nothing else. And tell me again, how spectre/meltdown-like exploits can be pushed onto the said farm. There are quite a lot of alternatively gifted people in this thread who believe they are world experts in security.

    Meanwhile and let me repeat this again for the utmost idiots here: there are no known circulating in-the-wild viruses/exploits based on the Spectre/Meltdown vulnerabilities. The most talked about attack vector which is running JS in a web browser has long been resolved by both Firefox and Chrome. Meanwhile we also have zero JS based exploits in-the-wild.

    These mitigations slow down billions of PCs (and ARM devices too) for no apparent reasons while a huge number of such devices cannot be exploited even theoretically.

    For the past eight months literally hundreds of other real vulnerabilities have been discovered which are indeed exploitable in practice, vs. the topic we are discussing.
    Last edited by birdie; 26 August 2018, 05:41 PM.


  • cybertraveler
    replied
    Originally posted by flower

    ok, sorry. i misunderstood it as "if your computer has no spectre mitigation, then"
    english is hard for me
    No problem


  • flower
    replied
    Originally posted by cybertraveler

    You missed off a key part of my sentence when you cropped it:
    ok, sorry. i misunderstood it as "if your computer has no spectre mitigation, then"
    english is hard for me


  • cybertraveler
    replied
    Originally posted by Djhg2000
    I get your point, but from what we've seen recently, exploits tend to be used together in order to achieve the goals of the modern hacker. Leaving behind leverage for a privilege escalation could be a really bad idea, particularly in the last example, where a home server could easily have an unpatched version of Samba or OpenSSH running ("I'll patch it tomorrow after the backup is done" and so forth). A college/university supercomputer could potentially be vulnerable to bad code as well, many of them allow for very limited access by students but it might just be enough for malicious intents if a student account gets compromised. Render farms would probably be pretty safe, but a weaponized version of NSA-class malware (like Stuxnet) could get in there.

    To be fair, that last one is probably more of a threat by itself even without the help of speculative execution, but I hope you get my point.
    I understand your point and agree. I didn't mention that stuff just to keep it simple.

    Security always comes at a cost. It's down to the informed administrator/technician to decide whether it's safe to disable those mitigations and whether the reward (more performance) outweighs the risks.


  • cybertraveler
    replied
    Originally posted by flower

    firefox and chromium have their own protection against spectre though.
    You missed off a key part of my sentence when you cropped it:

    However if I'm using a computer without spectre/meltdown mitigations for browsing the web, then an attack can potentially create a specially crafted website with javascript on it which will exploit a buggy CPU and exfiltrate sensitive data.


  • Djhg2000
    replied
    Originally posted by birdie

    What's there to gain or steal exactly? Another idiot in the thread.
    Mining power, persistent network entry points and/or login credentials would be three of the blatantly obvious answers.

    Originally posted by cybertraveler

    He didn't mention those things because they are not high value. As you stated: they very much can be high value. He mentioned them because the nature of use of those machines often means that you can't actually use the spectre and meltdown exploits. e.g. If I had a machine without spectre/meltdown mitigations that was purely serving static files, then an attacker has no opportunity to execute code and read protected memory. However if I'm using a computer without spectre/meltdown mitigations for browsing the web, then an attack can potentially create a specially crafted website with javascript on it which will exploit a buggy CPU and exfiltrate sensitive data.

    Note: I've simplified some aspects of the situations above, but it's close enough.
    I get your point, but from what we've seen recently, exploits tend to be used together in order to achieve the goals of the modern hacker. Leaving behind leverage for a privilege escalation could be a really bad idea, particularly in the last example, where a home server could easily have an unpatched version of Samba or OpenSSH running ("I'll patch it tomorrow after the backup is done" and so forth). A college/university supercomputer could potentially be vulnerable to bad code as well, many of them allow for very limited access by students but it might just be enough for malicious intents if a student account gets compromised. Render farms would probably be pretty safe, but a weaponized version of NSA-class malware (like Stuxnet) could get in there.

    To be fair, that last one is probably more of a threat by itself even without the help of speculative execution, but I hope you get my point.
