Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 8 Jan 2018 12:11:40 -0600
From:      Valeri Galtsev <>
To:        Aryeh Friedman <>, Baho Utot <>
Cc:        FreeBSD Mailing List <>
Subject:   =?UTF-8?Q?Re:_Meltdown_=e2=80=93_Spectre?=
Message-ID:  <>
In-Reply-To: <>
References:  <> <> <> <> <20180108085756.GA3001@c720-r314251> <> <> <>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help

On 01/08/18 06:37, Aryeh Friedman wrote:
> On Mon, Jan 8, 2018 at 7:28 AM, Baho Utot <> wrote:
>> On 1/8/2018 4:15 AM, Aryeh Friedman wrote:
>>> On Mon, Jan 8, 2018 at 3:57 AM, Matthias Apitz <> wrote:
>>> As I side note, and not related to FreeBSD: My Internet server is run by
>>>> some webhosting company (, they use Ubuntu servers and since
>>>> yesterday they have shutdown SSH access to the servers argumenting that
>>>> they want
>>>> protect my (all's) servers against attacks of Meltdown and Spectre.
>>>> Imagine, next time we have to shutdown all IOT gadgets...
>>>    Not always possible for things like medical test equipment/devices.  For
>>> example I maintain a specialized EMR for interacting with Dr. prescribed
>>> remote cardiac monitors.   Having those off line is not an option since
>>> they are used to detect if the patient needs something more serious like a
>>> pace maker (also almost always a IoT device these days) surgery.
>>> The actual monitoring is done on Windows and was attacked by some
>>> ransomeware via a bit coin miner that somehow installed it self.   Since
>>> all the users claim that they don't read email/upload/download executables
>>> or any other of the known attack vectors this leaves something like
>>> Meltdown or Spectre.   We have also detected issues on the CentOS that has
>>> the non-medical corporate site on it.   The only machine left on touched
>>> on
>>> the physical server (running some bare metal virtualization tool) is the
>>> FreeBSD machine that runs the actual EMR we wrote.
>>> TL;DR -- It seems Linux and Windows already have issues with these holes
>>> but I have seen little to no evidence that FreeBSD (when run as a host).
>>> In general when ever any virtualization issue (like the bleed through on
>>> Qemu last year) comes up FreeBSD is the one OS that seems to be immune
>>> (thanks to good design of the OS and bhyve).   This is the main reason why
>>> I chose FreeBSD over Linux as the reference host for PetiteCloud.
>> This is not operating system specific,  read the papers on theses two. it
>> attacks the cpu, usally through a JIT
> Please learn a little OS design theory before making insane claims.
> Specifically it *ONLY* effects OS's that rely on the specific CPU
> architecture (vs. a generic one).  Namely if you strictly partition the
> page table between userland and kernel space (which xxxBSD has always done
> and Linux has not) and don't use any CPU specific instructions to do so
> (except for protected vs. unprotected mode in the original 386 design
> FreeBSD does not do this while yet again microslut and linux do).
> For more info go read the more technical thread then here in -hackers@ and
> -current@.

Thanks, Aryeh! Your posts made my day today.


Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247

Want to link to this message? Use this URL: <>