Announcement

Collapse
No announcement yet.

TLB State Access Being Tightened Up On Linux For Better Security

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • L_A_G
    replied
    Originally posted by starshipeleven View Post
    Technically speaking, that's exactly how the law works.
    If you aren't driving on a road you can drive whatever the fuck insane non-certified shit you want.
    As anything that happens is going to be your own (or your family's) problem, or covered already by other laws.
    You seem to have missed the point that it's still a network connected machine that gets occasionally used for browsing the web. That's a bit like using your competition rally car (which were I'm from aren't road legal due having stripped out things like the airbags) to occasionally drive to work on public roads.

    Leave a comment:


  • starshipeleven
    replied
    Originally posted by dispat0r View Post
    Atleast chrome has own mitigations for spectre so there is no need to run the kernel with all the security fixes. If you want to be safe sure use them.
    I trust more kernel than chrome developers, that said, there is really no reason to disable security mitigations for browsing performance or normal day-to-day software use.

    It makes sense only for systems doing a very specific job (workstation applications, compile or render machines)

    Leave a comment:


  • starshipeleven
    replied
    Originally posted by L_A_G View Post
    That's a bit like saying "as someone who rarely drives my car on the road i would like options to get rid of all the crumple zones, seat belts and airbags because they're useless to me"
    Technically speaking, that's exactly how the law works.
    If you aren't driving on a road you can drive whatever the fuck insane non-certified shit you want.
    As anything that happens is going to be your own (or your family's) problem, or covered already by other laws.

    Leave a comment:


  • leebickmtu
    replied
    Originally posted by Aryma View Post
    as someone who rarely web browsing from my PC i would like options to disable all this security patches because it's useless to me
    As far as I can tell, this patch has no negative performance impact. It's not clearing TLB on context switches or anything like that. Simply limiting what functions/data are exported to only be those which are required by KVM.

    Leave a comment:


  • dispat0r
    replied
    Originally posted by L_A_G View Post

    That's a bit like saying "as someone who rarely drives my car on the road i would like options to get rid of all the crumple zones, seat belts and airbags because they're useless to me"

    Unless your machine is never used to browse the web or run of any software that wasn't written by you while connected to the internet it's not a good idea to remove fixes for vulnerabilities with working proof-of-concept attacks.
    Atleast chrome has own mitigations for spectre so there is no need to run the kernel with all the security fixes. If you want to be safe sure use them.

    Leave a comment:


  • L_A_G
    replied
    Originally posted by Aryma View Post
    as someone who rarely web browsing from my PC i would like options to disable all this security patches because it's useless to me
    That's a bit like saying "as someone who rarely drives my car on the road i would like options to get rid of all the crumple zones, seat belts and airbags because they're useless to me"

    Unless your machine is never used to browse the web or run of any software that wasn't written by you while connected to the internet it's not a good idea to remove fixes for vulnerabilities with working proof-of-concept attacks.

    Leave a comment:


  • dispat0r
    replied
    Originally posted by Aryma View Post
    as someone who rarely web browsing from my PC i would like options to disable all this security patches because it's useless to me
    https://make-linux-fast-again.com/
    This should take care of that.

    Leave a comment:


  • Aryma
    replied
    as someone who rarely web browsing from my PC i would like options to disable all this security patches because it's useless to me

    Leave a comment:


  • TLB State Access Being Tightened Up On Linux For Better Security

    Phoronix: TLB State Access Being Tightened Up On Linux For Better Security

    The latest Linux kernel security work being pursued by Thomas Gleixner is tightening up access around the kernel's per-CPU TLB state access for the translation lookaside buffer...

    http://www.phoronix.com/scan.php?pag...x86-TLB-Access
Working...
X