Linux Preparing To Slightly Loosen Its Spectre Defaults


  • Linux Preparing To Slightly Loosen Its Spectre Defaults

    Phoronix: Linux Preparing To Slightly Loosen Its Spectre Defaults

    A change first proposed last year to the Linux kernel's Spectre mitigation defaults looks like it will soon be sent in for the mainline kernel...

    https://www.phoronix.com/scan.php?pa...oing-Prctl-Def

  • #2
    I am wondering what settings SteamOS will have.

    Comment


    • #3
      What does this mean in a practical setting? On a typical install of Linux, what programs will have this applied?

      Do web browsers handling untrusted JavaScript do it, for example? Where else?

      Comment


      • #4
        Originally posted by Developer12 View Post
        What does this mean in a practical setting? On a typical install of Linux, what programs will have this applied?

        Do web browsers handling untrusted JavaScript do it, for example? Where else?
        These are kernel settings. Programs don't change them. They have to be set before boot. I think the only one that's partly program-callable is the one for L1D because it's so detrimental to performance. If you don't know what these are about and how they affect security, leave the distro's defaults alone - after all, if you're asking you probably never even noticed any performance issues to begin with.

        Comment


        • #5
          Originally posted by Ilfirin View Post
          I am wondering what settings SteamOS will have.
          Just add mitigations=off to the kernel boot command line and you're good to go if you're not concerned about any snowball chance in hell leaks for malware to exploit.

          Comment


          • #6
            Originally posted by stormcrow View Post
            These are kernel settings. Programs don't change them. They have to be set before boot. I think the only one that's partly program-callable is the one for L1D because it's so detrimental to performance. If you don't know what these are about and how they affect security, leave the distro's defaults alone - after all, if you're asking you probably never even noticed any performance issues to begin with.
            If you read the article closely:

            With that default behavior the mitigations are only applied when opted into per-thread via the PRCTL interface (or otherwise a process inherits the mitigation when forked) or is enabled by default for all SECCOMP threads.
            The question is, which programs in the past have opted in with PRCTL? Which in the future will be SECCOMP threads which will have it applied?
            Last edited by Developer12; 13 September 2021, 10:46 AM.

            Comment
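As an added example (not code from this thread or from the linked article), this is what the per-thread opt-in the quoted article refers to looks like from C, using prctl(2). The PR_GET_SPECULATION_CTRL / PR_SET_SPECULATION_CTRL requests and the PR_SPEC_* bits are the kernel's own (linux/prctl.h, Linux 4.17 and later; PR_SPEC_L1D_FLUSH since 5.16); the function names query_spec, describe_spec and opt_into_mitigation are this example's and not kernel API. It decodes the status bitmask so you can tell whether a mitigation is fixed at boot, available per thread (the prctl/seccomp modes) or already applied to the calling thread, and then opts the calling thread into the indirect-branch (Spectre v2) mitigation.

```c
/*
 * Added example: query and opt into per-thread Spectre mitigations via prctl(2).
 * Requires Linux; on other systems the calls report ENOSYS. Function names are
 * this example's own, not kernel API.
 */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#ifdef __linux__
#include <sys/prctl.h>
#endif

/* Fallbacks for older headers; values match include/uapi/linux/prctl.h. */
#ifndef PR_GET_SPECULATION_CTRL
#define PR_GET_SPECULATION_CTRL 52
#endif
#ifndef PR_SET_SPECULATION_CTRL
#define PR_SET_SPECULATION_CTRL 53
#endif
#ifndef PR_SPEC_STORE_BYPASS
#define PR_SPEC_STORE_BYPASS 0
#endif
#ifndef PR_SPEC_INDIRECT_BRANCH
#define PR_SPEC_INDIRECT_BRANCH 1
#endif
#ifndef PR_SPEC_L1D_FLUSH
#define PR_SPEC_L1D_FLUSH 2
#endif
#ifndef PR_SPEC_NOT_AFFECTED
#define PR_SPEC_NOT_AFFECTED 0
#define PR_SPEC_PRCTL (1UL << 0)
#define PR_SPEC_ENABLE (1UL << 1)
#define PR_SPEC_DISABLE (1UL << 2)
#define PR_SPEC_FORCE_DISABLE (1UL << 3)
#endif
#ifndef PR_SPEC_DISABLE_NOEXEC
#define PR_SPEC_DISABLE_NOEXEC (1UL << 4)
#endif

/* Ask the kernel how speculation feature `which` (PR_SPEC_STORE_BYPASS,
 * PR_SPEC_INDIRECT_BRANCH or PR_SPEC_L1D_FLUSH) is handled for the calling
 * thread. Returns the kernel's status bitmask, or -errno (for example -EINVAL
 * on kernels or architectures that do not implement that control). */
long query_spec(unsigned long which) {
#ifdef __linux__
    int rc = prctl(PR_GET_SPECULATION_CTRL, which, 0, 0, 0);
    return rc < 0 ? -(long)errno : (long)rc;
#else
    (void)which;
    return -ENOSYS;
#endif
}

/* Translate a status bitmask into words. Without the PR_SPEC_PRCTL bit the
 * mode was fixed on the kernel command line and a program cannot change it;
 * with it, the kernel is in a prctl/seccomp mode and the thread may opt in. */
const char *describe_spec(long status) {
    if (status < 0) return "error/unsupported";
    if (status == PR_SPEC_NOT_AFFECTED) return "not affected";
    if (!(status & PR_SPEC_PRCTL))
        return (status & PR_SPEC_DISABLE) ? "mitigated system-wide (fixed at boot)"
                                          : "unmitigated system-wide (fixed at boot)";
    if (status & PR_SPEC_FORCE_DISABLE) return "mitigated (forced, cannot be re-enabled)";
    if (status & PR_SPEC_DISABLE_NOEXEC) return "mitigated (cleared on execve)";
    if (status & PR_SPEC_DISABLE) return "mitigated (thread opted in)";
    if (status & PR_SPEC_ENABLE) return "unmitigated (prctl/seccomp mode, not opted in)";
    return "unknown";
}

/* Opt the calling thread into the mitigation, i.e. disable speculation feature
 * `which` for it; forked children inherit the setting. Returns 0 or -errno;
 * -ENXIO means the kernel's current mode does not allow per-thread control. */
int opt_into_mitigation(unsigned long which) {
#ifdef __linux__
    if (prctl(PR_SET_SPECULATION_CTRL, which, PR_SPEC_DISABLE, 0, 0) < 0)
        return -errno;
    return 0;
#else
    (void)which;
    return -ENOSYS;
#endif
}

int main(void) {
    const struct { const char *name; unsigned long which; } ctl[] = {
        { "spec_store_bypass", PR_SPEC_STORE_BYPASS },
        { "indirect_branch",   PR_SPEC_INDIRECT_BRANCH },
        { "l1d_flush",         PR_SPEC_L1D_FLUSH },
    };
    for (size_t i = 0; i < sizeof ctl / sizeof ctl[0]; i++)
        printf("%-18s before: %s\n", ctl[i].name, describe_spec(query_spec(ctl[i].which)));

    /* Opt this thread into the indirect-branch (Spectre v2) mitigation. */
    int rc = opt_into_mitigation(PR_SPEC_INDIRECT_BRANCH);
    printf("opt-in: %s\n", rc == 0 ? "ok" : strerror(-rc));
    printf("%-18s after:  %s\n", "indirect_branch",
           describe_spec(query_spec(PR_SPEC_INDIRECT_BRANCH)));
    return 0;
}
```

On a kernel booted with spectre_v2_user=prctl (or the loosened default the article describes) the indirect_branch line changes from "unmitigated (prctl/seccomp mode, not opted in)" to "mitigated (thread opted in)" after the call; on a kernel whose mode was fixed at boot the opt-in fails with ENXIO and the status stays "fixed at boot". This per-thread call is the mechanism the quoted article means by "opted into per-thread via the PRCTL interface", and the seccomp variant applies the same thing automatically to threads that install a seccomp filter.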
