Date:      Mon, 8 Jan 2018 07:46:26 -0500
From:      Baho Utot <>
To:        FreeBSD Mailing List <>
Subject:   Re: Meltdown – Spectre
References:  <> <> <> <> <20180108085756.GA3001@c720-r314251> <> <> <>


On 1/8/2018 7:37 AM, Aryeh Friedman wrote:
> On Mon, Jan 8, 2018 at 7:28 AM, Baho Utot wrote:
>     On 1/8/2018 4:15 AM, Aryeh Friedman wrote:
>         On Mon, Jan 8, 2018 at 3:57 AM, Matthias Apitz wrote:
>             As a side note, and not related to FreeBSD: My Internet server is
>             run by some webhosting company ( <>), they use Ubuntu servers and
>             since yesterday they have shut down SSH access to the servers,
>             arguing that they want to protect my (all's) servers against
>             attacks of Meltdown and Spectre.
>             Imagine, next time we have to shut down all IoT gadgets...
>         Not always possible for things like medical test equipment/devices.
>         For example I maintain a specialized EMR for interacting with Dr.
>         prescribed remote cardiac monitors. Having those offline is not an
>         option since they are used to detect if the patient needs something
>         more serious like a pacemaker (also almost always an IoT device these
>         days) surgery.
>
>         The actual monitoring is done on Windows and was attacked by some
>         ransomware via a bitcoin miner that somehow installed itself. Since
>         all the users claim that they don't read email/upload/download
>         executables or any other of the known attack vectors this leaves
>         something like Meltdown or Spectre. We have also detected issues on
>         the CentOS that has the non-medical corporate site on it. The only
>         machine left untouched on the physical server (running some bare
>         metal virtualization tool) is the FreeBSD machine that runs the
>         actual EMR we wrote.
>
>         TL;DR -- It seems Linux and Windows already have issues with these
>         holes but I have seen little to no evidence that FreeBSD (when run as
>         a host).
>
>         In general whenever any virtualization issue (like the bleed through
>         on Qemu last year) comes up FreeBSD is the one OS that seems to be
>         immune (thanks to good design of the OS and bhyve). This is the main
>         reason why I chose FreeBSD over Linux as the reference host for
>         PetiteCloud.
>     This is not operating system specific, read the papers on these
>     two. It attacks the CPU, usually through a JIT
> Please learn a little OS design theory before making insane claims.
> Specifically it *ONLY* affects OS's that rely on the specific CPU
> architecture (vs. a generic one). Namely if you strictly partition the
> page table between userland and kernel space (which xxxBSD has always
> done and Linux has not) and don't use any CPU specific instructions to
> do so (except for protected vs. unprotected mode in the original 386
> design FreeBSD does not do this while yet again microslut and Linux do).
> For more info go read the more technical thread than here in -hackers@
> and -current@.
