From owner-freebsd-questions@freebsd.org Wed Jan 10 11:36:42 2018 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id E3B30E7A692 for ; Wed, 10 Jan 2018 11:36:42 +0000 (UTC) (envelope-from g8kbvdave@googlemail.com) Received: from mail-wm0-x22b.google.com (mail-wm0-x22b.google.com [IPv6:2a00:1450:400c:c09::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 774B96F2CA; Wed, 10 Jan 2018 11:36:42 +0000 (UTC) (envelope-from g8kbvdave@googlemail.com) Received: by mail-wm0-x22b.google.com with SMTP id g1so8375623wmg.2; Wed, 10 Jan 2018 03:36:42 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding :content-language; bh=WKT8HZsb/NYTYunS7mPyesUiS/NSWMcRyeVT4UtuHuA=; b=g7cXSnC+ESzgucjd1aLEe9za8CYr1Jo2zfXx76DA34NmuXizZcQSWNbbeQ82JBQaDM wb0qaB7B3xfogQzIKOiBulZNIOaJ5blTGyqbD5JCqhzRtvG1svqzoI7haNv6RBMajrqS cOCuinUkrcvnqfEJADqLsArlKs9PHed1Fo0A/spkiWOh0EMzfxpHYmHeequoev6oAYAw VJUSlspnpim2YAEZfiLPk3lCQdMfE4LxnzUYQo4wWyjXix+p3Bmm5b2XYVUDvyA+3vFL iConuJEGsrIj7OuFmCKDRbDl8CyYuOWnU6ZcPOqqV0KCd+T3uvVSJEHxxRLjSiHQaijz Eg2A== X-Gm-Message-State: AKwxytfpuf58PiAvQuwlEAxsXhVdbAcuRpg7b27/vlBdYPg8UaqUMQb1 uOfntZvi1IG6scRU/9MrxqGD3N9v X-Google-Smtp-Source: ACJfBotvQ6J2RHywB6dIjoulNXANN3hTIM4HnpKMabXQJWet6PKnen4/nvkDHWKP7AILgkH2Pk4Cjw== X-Received: by 10.80.148.248 with SMTP id t53mr6970408eda.180.1515584200755; Wed, 10 Jan 2018 03:36:40 -0800 (PST) Received: from [192.168.2.55] ([217.41.35.220]) by smtp.gmail.com with ESMTPSA id 26sm9557141eds.67.2018.01.10.03.36.39 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 10 Jan 2018 03:36:40 -0800 (PST) Subject: =?UTF-8?Q?Re:_32_bit_fix=3f_=28Was_Re:_Meltdown_=e2=80=93_Spectre?= =?UTF-8?Q?=29?= To: Arthur Chance , Ed Maste , freebsd-questions@freebsd.org References: <2e86bfd9-9141-2872-1946-0e9d26326433@googlemail.com> <6523f352-c895-e488-8006-76495907745a@googlemail.com> <49785edc-1ac4-48f3-bff0-19704dadc70b@qeng-ho.org> From: Dave B Message-ID: <0b84bfbb-ef1b-f7d1-ca91-5bbbbb79595a@googlemail.com> Date: Wed, 10 Jan 2018 11:36:39 +0000 User-Agent: Mozilla/5.0 (X11; Linux i686; rv:52.0) Gecko/20100101 Thunderbird/52.5.0 MIME-Version: 1.0 In-Reply-To: <49785edc-1ac4-48f3-bff0-19704dadc70b@qeng-ho.org> Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Content-Language: en-GB X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Jan 2018 11:36:43 -0000 Hi again. When I have more info (re the early CPU's etc)  I'll come back here with it. Agreed re "appliance" NAS devices, "shouldn’t be running arbitrary code".  But see the recent news re most WD MyCloud devices!Hard coded back door's etc, so "some malicious bar steward" could probably plant such if they wished. Do you know about the "Shodan" search engine?   That makes it all too easy to find web facing appliances.  Cameras, drives, printers, PVR's, light bulbs and other IoT "things"...   https://www.shodan.io/   Enjoy! Thanks for now.     Dave B (G0WBX) On 10/01/18 11:23, Arthur Chance wrote: > On 10/01/2018 09:41, Dave B via freebsd-questions wrote: >> Hi Ed. >> >> Understood.   There's "a lot" of FreeBSD based kit out there, running on >> 32 bit hardware.  A lot of NAS's for one.   (I don’t suppose any of >> those commercial "appliances" will ever be updated though.) > An attack requires running code exploiting the vulnerability on the > target machine. NAS type appliances shouldn't allow arbitrary code to be > run. (Emphasis on shouldn't, a lot of appliances seem not to care about > security.) > >> But from my understanding, this problem has probably been present since >> 1995, and maybe even earlier.  There is a paper published somewhere that >> documents such issues, dated around 1992!  Awaiting for the SN645 show >> notes to be published, for that info. > I can't find the article I was reading right now, but it said Intel > chips became vulnerable when the Westmere architecture (the 32 nm > version of Nehalem) was introduced back in 2010. That was the early days > of the Core i[357] CPUs, so Core and Core 2 CPUs are probably too old to > be affected. > >> (Keep an eye on  https://www.grc.com/securitynow.htm ) >> >> The conclusion then, was that it was probably not a problem as would be >> "too difficult" to manipulate for any gain. >> >> The machines I have, are ex Win'2000 boxes, so are probably affected.   >> One of them was web facing.  It's not now! >> >> Best Regards. >> >> Dave B. >> >> (G0WBX) >> >> >> >> On 10/01/18 03:29, Ed Maste wrote: >>> On 9 January 2018 at 07:23, Dave B via freebsd-questions >>> wrote: >>>> When is a patch for i386 (32 bit) versions likely to be available? >>>> >>>> Regards. >>>> >>>> Dave B. >>>> >>>> (I only run non GUI 32 bit instances of FreeBSD, on older hardware, GPSD >>>> NTP machines etc.) >>> Similar techniques can be applied to i386, but they are a lower >>> priority and we don't yet have a timeline. I expect that i386 patches >>> will follow after the full set of mitigations have been applied to >>> amd64. >>> >>> Note that if the "older hardware" is old enough it may predate these issues. >> _______________________________________________ >> freebsd-questions@freebsd.org mailing list >> https://lists.freebsd.org/mailman/listinfo/freebsd-questions >> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" >> >