Linux Gaming Performance Can Be Impaired By STIBP, But Hope May Be On The Horizon

  • #11
    Originally posted by Brisse
    What constitutes "non-security-sensitive applications"? I don't want some script kiddie stealing my Steam account.
    Enable double authentication on anything. Steam calls it Steam Guard.

    Comment


    • #12
      Originally posted by starshipeleven
      Enable double authentication on anything. Steam calls it Steam Guard.
      Already have that. I was just using it as an example to try and make a point. How can the kernel know which applications are security sensitive? Even games can be security sensitive with all of the online functionality that's built into them in this day and age. They are also mostly proprietary and closed source. What if I would post a game on Steam with malware exploiting Spectre?
      Last edited by Brisse; 18 November 2018, 04:10 PM.

      Comment


      • #13
        Originally posted by Brisse
        How can the kernel know which applications are security sensitive?
        It seems this is a user-selectable option, although I don't know how the user can set or manipulate process properties to add the flag to tell the kernel that this is a security-sensitive process.

        Users may not wish to incur performance overhead from IBPB and STIBP for general non security sensitive processes and use these mitigations only for security sensitive processes.

        This patchset provides a process property based lite protection mode. In this mode, IBPB and STIBP mitigation are applied only to security sensitive non-dumpable processes and processes that users want to protect by having indirect branch speculation disabled via PRCTL. So the overhead from IBPB and STIBP are avoided for low security processes that don't require extra protection.

        Comment
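The question in post #13 is how a process gets flagged for protection. As an added example (not code from the thread or from the quoted patchset), this C program opts the calling task in through the prctl route, using the `PR_SET_SPECULATION_CTRL` / `PR_SPEC_INDIRECT_BRANCH` interface found in mainline Linux, and decodes the status the kernel reports. The helper names and label strings are invented for illustration, and the opt-in only succeeds when the kernel runs in a per-task mitigation mode.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>

/* Fallbacks from the kernel's include/uapi/linux/prctl.h for older libc headers. */
#ifndef PR_GET_SPECULATION_CTRL
#define PR_GET_SPECULATION_CTRL 52
#define PR_SET_SPECULATION_CTRL 53
#define PR_SPEC_PRCTL         (1UL << 0)
#define PR_SPEC_ENABLE        (1UL << 1)
#define PR_SPEC_DISABLE       (1UL << 2)
#define PR_SPEC_FORCE_DISABLE (1UL << 3)
#endif
#ifndef PR_SPEC_INDIRECT_BRANCH
#define PR_SPEC_INDIRECT_BRANCH 1
#endif

/* Decode a PR_GET_SPECULATION_CTRL result (bitmask, or -1 on error).
 * Labels are illustrative names, not kernel strings. */
const char *spec_label(long v)
{
    if (v < 0)  return "unsupported";      /* kernel lacks this control */
    if (v == 0) return "not-affected";     /* PR_SPEC_NOT_AFFECTED */
    if (v & PR_SPEC_FORCE_DISABLE) return "force-disabled";
    if (v & PR_SPEC_DISABLE)       /* speculation off: task is protected */
        return (v & PR_SPEC_PRCTL) ? "disabled" : "disabled-system-wide";
    if (v & PR_SPEC_ENABLE)        /* speculation on: task is not protected */
        return (v & PR_SPEC_PRCTL) ? "enabled" : "enabled-not-controllable";
    return "unknown";
}

/* Current indirect branch speculation status of the calling task. */
long ib_status(void) { return prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, 0UL, 0UL, 0UL); }

/* Opt this task in to the mitigation; returns 0 or -errno. */
int protect_indirect_branches(void)
{
    int rc = prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH,
                   PR_SPEC_DISABLE, 0UL, 0UL);
    return rc == 0 ? 0 : -errno;
}

int main(void)
{
    printf("before: %s\n", spec_label(ib_status()));
    int rc = protect_indirect_branches();
    if (rc != 0) printf("opt-in refused: %s\n", strerror(-rc));
    printf("after:  %s\n", spec_label(ib_status()));
    return 0;
}
```

A status of "disabled" after the call means indirect branch speculation is off for this task, i.e. the task is covered by the mitigation.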


        • #14
          Originally posted by Brisse
          What if I would post a game on Steam with malware exploiting Spectre?
          A malicious game does not need to exploit anything to read or write all the user’s data and access internet...

          Comment


          • #15
            Originally posted by stqn
            A malicious game does not need to exploit anything to read or write all the user’s data and access internet...
            Which is one of the main reasons my gaming rig is not my "main PC" and I have no plans to merge them any time soon. Can't steal my data if there is no data to steal.



            Comment


            • #16
              Originally posted by starshipeleven
              Which is one of the main reasons my gaming rig is not my "main PC" and I have no plans to merge them any time soon. Can't steal my data if there is no data to steal.


              Better to run the games as a separate user, and/or use file system permissions to prevent access.

              Comment


              • #17
                Seriously considering "nospectre_v2 nopti" after trying some game benchmarks, extra 10-15 fps in some cases is enough for me not caring about a Chinese/Russian nerd knowing what kind of porn I watch. It sucks to wake up every day with less performance on the same hardware, what a scam... 45fps to 60 for instance means going from a meh experience to a good one in most games.
                I imagine how this must suck ass for big scale operations with both high performance and high security requirements.
                Last edited by clapbr; 18 November 2018, 06:40 PM.

                Comment


                • #18
                  Would be interesting to have STIBP vs. Hyper-Threading disabled benchmarks, just to see if there's something to gain.

                  Comment


                  • #19
                    Wish your wife a speedy recovery Michael! I imagine that, behind the scenes, she must also have contributed a lot to the existence of Phoronix even just as a supportive partner.

                    Phoronix is the definitive source of open source news and one of the few sites I have read regularly for at least 10 years, although to my shame I am not a premium member.

                    Regardless of if you choose to take some time off, or continue posting articles throughout, as readers we will still be coming back to the site when the next article is ready.

                    Comment


                    • #20
                      Originally posted by superstructor
                      Wish your wife a speedy recovery Michael! I imagine that, behind the scenes, she must also have contributed a lot to the existence of Phoronix even just as a supportive partner.
                      Unfortunately it looks like she will be there for up to a few days now as it turned out to be a different diagnosis, so my posting schedule will be a bit messed up but still happening....

                      Actually I met her while organizing X.Org Developers' Conference 2012 lol.
                      Michael Larabel
                      https://www.michaellarabel.com/

                      Comment
