Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 10 Jan 2018 11:36:39 +0000
From:      Dave B <g8kbvdave@googlemail.com>
To:        Arthur Chance <freebsd@qeng-ho.org>, Ed Maste <emaste@freebsd.org>, freebsd-questions@freebsd.org
Subject:   =?UTF-8?Q?Re:_32_bit_fix=3f_=28Was_Re:_Meltdown_=e2=80=93_Spectre?= =?UTF-8?Q?=29?=
Message-ID:  <0b84bfbb-ef1b-f7d1-ca91-5bbbbb79595a@googlemail.com>
In-Reply-To: <49785edc-1ac4-48f3-bff0-19704dadc70b@qeng-ho.org>
References:  <mailman.94.1515499202.64522.freebsd-questions@freebsd.org> <2e86bfd9-9141-2872-1946-0e9d26326433@googlemail.com> <CAPyFy2Ce+=tZpDMo6kUdpYXAw-=8CRYUFNtinUeGe-Lnp=tYsA@mail.gmail.com> <6523f352-c895-e488-8006-76495907745a@googlemail.com> <49785edc-1ac4-48f3-bff0-19704dadc70b@qeng-ho.org>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
Hi again.

When I have more info (re the early CPU's etc)  I'll come back here with it.

Agreed re "appliance" NAS devices, "shouldn’t be running arbitrary
code".  But see the recent news re most WD MyCloud devices!Hard coded
back door's etc, so "some malicious bar steward" could probably plant
such if they wished.

Do you know about the "Shodan" search engine?   That makes it all too
easy to find web facing appliances.  Cameras, drives, printers, PVR's,
light bulbs and other IoT "things"...   https://www.shodan.io/  Enjoy!

Thanks for now.

    Dave B

(G0WBX)


On 10/01/18 11:23, Arthur Chance wrote:
> On 10/01/2018 09:41, Dave B via freebsd-questions wrote:
>> Hi Ed.
>>
>> Understood.   There's "a lot" of FreeBSD based kit out there, running on
>> 32 bit hardware.  A lot of NAS's for one.   (I don’t suppose any of
>> those commercial "appliances" will ever be updated though.)
> An attack requires running code exploiting the vulnerability on the
> target machine. NAS type appliances shouldn't allow arbitrary code to be
> run. (Emphasis on shouldn't, a lot of appliances seem not to care about
> security.)
>
>> But from my understanding, this problem has probably been present since
>> 1995, and maybe even earlier.  There is a paper published somewhere that
>> documents such issues, dated around 1992!  Awaiting for the SN645 show
>> notes to be published, for that info.
> I can't find the article I was reading right now, but it said Intel
> chips became vulnerable when the Westmere architecture (the 32 nm
> version of Nehalem) was introduced back in 2010. That was the early days
> of the Core i[357] CPUs, so Core and Core 2 CPUs are probably too old to
> be affected.
>
>> (Keep an eye on  https://www.grc.com/securitynow.htm )
>>
>> The conclusion then, was that it was probably not a problem as would be
>> "too difficult" to manipulate for any gain.
>>
>> The machines I have, are ex Win'2000 boxes, so are probably affected.  
>> One of them was web facing.  It's not now!
>>
>> Best Regards.
>>
>> Dave B.
>>
>> (G0WBX)
>>
>>
>>
>> On 10/01/18 03:29, Ed Maste wrote:
>>> On 9 January 2018 at 07:23, Dave B via freebsd-questions
>>> <freebsd-questions@freebsd.org> wrote:
>>>> When is a patch for i386 (32 bit) versions likely to be available?
>>>>
>>>> Regards.
>>>>
>>>> Dave B.
>>>>
>>>> (I only run non GUI 32 bit instances of FreeBSD, on older hardware, GPSD
>>>> NTP machines etc.)
>>> Similar techniques can be applied to i386, but they are a lower
>>> priority and we don't yet have a timeline. I expect that i386 patches
>>> will follow after the full set of mitigations have been applied to
>>> amd64.
>>>
>>> Note that if the "older hardware" is old enough it may predate these issues.
>> _______________________________________________
>> freebsd-questions@freebsd.org mailing list
>> https://lists.freebsd.org/mailman/listinfo/freebsd-questions
>> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
>>
>




Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?0b84bfbb-ef1b-f7d1-ca91-5bbbbb79595a>