Agreed, this bullshit only matters at all if you have server farms on which you let loose random script kiddies, err.. paying customers.
This stuff is useless as a way to break in anywhere and even extracting encryption keys and such only works in carefully prepared environments.. When I tried the https://leaky.page demo I tried for way longer than is reasonable to make it work on my unpatched firmware/microcode + mitigations=off system but it just didn't happen.
Maybe a native program would work better, but maybe I just don't install malware like a Windows user from the 90's.
-
I have disabled all mitigations on my systems. These are "bullshit vulnerabilities" as you said. After years of being disclosed there is still to appear a working exploit.Originally posted by asriel View PostLeave a comment:
-
AMD is vulnerable to some (not all) speculation vulnsOriginally posted by bezirg View Post
Code:$ grep $ /sys/devices/system/cpu/vulnerabilities/* /sys/devices/system/cpu/vulnerabilities/itlb_multihit:Not affected /sys/devices/system/cpu/vulnerabilities/l1tf:Not affected /sys/devices/system/cpu/vulnerabilities/mds:Not affected /sys/devices/system/cpu/vulnerabilities/meltdown:Not affected /sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Mitigation: Speculative Store Bypass disabled via prctl /sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: usercopy/swapgs barriers and __user pointer sanitization /sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full AMD retpoline, IBPB: conditional, STIBP: conditional, RSB filling /sys/devices/system/cpu/vulnerabilities/srbds:Not affected /sys/devices/system/cpu/vulnerabilities/tsx_async_abort:Not affected
Leave a comment:
-
One more useless evil mitigation for one more bullshit "vulnerability". Pray that Linus will keep the possibility to switch this crap off.Leave a comment:
-
Why this sudden change of amd's spectre_v2? I thought that his new cpu vulnerability does not affect the amd side.Leave a comment:
-
Those CPU's already using (or forced to use) full reptolines are (mostly) considered not vulnerable. as the LFENCE and eIBRS mitigations are no longer considered sufficient.Originally posted by CTTY View PostLeave a comment:
-
Do I understand it correctly, that systems saying `Full generic retpoline` in `/sys/devices/system/cpu/vulnerabilities/spectre_v2` are NOT vulnerable? (Since Full generic retpoline are applied)Leave a comment:
-
The vulnerability has nothing to do with eBPF. It was just used to show the vulnerability, but in theory it can be vulnerable without eBPFOriginally posted by kylew77 View Post
Edit: see under "So, is disabling unprivileged eBPF sufficient?" [0]
[0] https://www.vusec.net/projects/bhi-spectre-bhb/Last edited by CTTY; 08 March 2022, 08:22 PM.Leave a comment:
-
Are any of the *BSDs affected? I looked it up and eBPF looks like a Linux specific feature.Leave a comment:
Leave a comment: