Security News Archives
OPTPOLINES - Formerly Relpolines, Lower Overhead To Retpolines For Spectre Mitigation

It's been nearly one year to the day since the Spectre and Meltdown vulnerabilities were made public. While the security vulnerabilities were quickly buttoned up in the Linux space, kernel developers continue working to offset the performance overhead introduced by these mitigations. They made a lot of overhead reductions in 2018, but some patch-sets are still pending to improve the experience further. One of these patch-sets was known as "Relpolines" but has now been updated and morphed into what is being called Optpolines.

31 December 2018 - Optpolines - 1 Comment
WireGuard Is Now Available On Apple iOS

While WireGuard didn't make it into the mainline kernel for Linux 4.20, if you are using an Apple tablet or phone, there is now an app that allows you to use WireGuard on iOS.

6 November 2018 - WireGuard + iOS - 10 Comments
STACKLEAK Plug-In Being Reattempted For Inclusion In Linux 4.20

The STACKLEAK GCC plug-in, ported to the mainline code-base from the Linux GrSecurity patch-set, was originally attempted for the Linux 4.19 kernel but not merged that cycle. That plug-in is now trying to get into the Linux 4.20 (or perhaps relabeled as 5.0) kernel.

24 October 2018 - STACKLEAK - 1 Comment
RELPOLINES: A New Spectre V2 Approach To Lower Overhead Of Retpolines

Nadav Amit of VMware has announced their (currently experimental) work on "dynamic indirect call promotion" or what they have dubbed "RELPOLINES" -- not to be confused with the traditional Retpolines for "return trampolines" as one of the Spectre Variant Two software-based mitigation approaches. Relpolines is designed to have lower overhead than Retpolines.

18 October 2018 - RELPOLINES - 4 Comments
Spectre V2 "Lite" App-To-App Protection Mode Readying For The Linux Kernel

We are approaching one year since the Spectre and Meltdown CPU vulnerabilities shocked the industry, and while no new CPU speculative execution vulnerabilities have been made public recently, the Linux kernel developers continue improving upon the Spectre/Meltdown software-based mitigation techniques for helping to offset incurred performance costs with current generation hardware.

17 October 2018 - Application To Application - 6 Comments
Linux Readying Spectre V2 Userspace-Userspace Protection

The Linux kernel has been patched for months (with updated CPU microcode available) to mitigate Spectre Variant Two "Branch Target Injection", but this has been focused on kernel-space protection; patches are now pending for userspace-userspace protection.

26 September 2018 - Spectre Variant Two - 5 Comments
A Global Switch To Kill Linux's CPU Spectre/Meltdown Workarounds?

Something I have seen asked in our forums and elsewhere -- most recently on the kernel mailing list -- is whether there is a single kernel option that can be used for disabling all of the Spectre/Meltdown workarounds and any other performance-hurting CPU vulnerability workarounds.

25 August 2018 - More Performance!!!! - 91 Comments
Three New Security Advisories Hit X.Org's X11 Library

It's been a while since there were any big security bulletins for the X.Org Server, even though some of the code-base dates back decades, security researchers have said the security is even worse than it looks, and numerous advisories have come up in recent years. But that's not because X11 is bug-free: today three more security bulletins were made public affecting libX11.

21 August 2018 - libX11 Vulnerable - 8 Comments
Updated ARM Patches Posted For Mitigating Spectre V1 With GCC Compiler

ARM's Richard Earnshaw has posted a revised version of their months-in-development patch-set for mitigating unsafe data speculation with the GCC compiler. This new Spectre V1 mitigation for ARM 64-bit would be exposed via a new -mtrack-speculation compiler switch.

29 July 2018 - Spectre V1 GCC Feature - 1 Comment

103 Security news articles published on Phoronix.