Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 10 Jan 2018 13:46:58 +0000
From:      krad <kraduk@gmail.com>
To:        Dave B <g8kbvdave@googlemail.com>
Cc:        Arthur Chance <freebsd@qeng-ho.org>, Ed Maste <emaste@freebsd.org>,  FreeBSD Questions <freebsd-questions@freebsd.org>
Subject:   =?UTF-8?Q?Re=3A_32_bit_fix=3F_=28Was_Re=3A_Meltdown_=E2=80=93_Spectre=29?=
Message-ID:  <CALfReyc42mQ4L11T2VfP_jOikx=yAw1R_oQTG3iWO9VX9_iMHQ@mail.gmail.com>
In-Reply-To: <0b84bfbb-ef1b-f7d1-ca91-5bbbbb79595a@googlemail.com>
References:  <mailman.94.1515499202.64522.freebsd-questions@freebsd.org> <2e86bfd9-9141-2872-1946-0e9d26326433@googlemail.com> <CAPyFy2Ce+=tZpDMo6kUdpYXAw-=8CRYUFNtinUeGe-Lnp=tYsA@mail.gmail.com> <6523f352-c895-e488-8006-76495907745a@googlemail.com> <49785edc-1ac4-48f3-bff0-19704dadc70b@qeng-ho.org> <0b84bfbb-ef1b-f7d1-ca91-5bbbbb79595a@googlemail.com>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
Ideally no, but most do have the capability  these days, as they are multi
use systems. Eg freenas can run jails, and vms, unraid doing docker stuff
etc......

On 10 January 2018 at 11:36, Dave B via freebsd-questions <
freebsd-questions@freebsd.org> wrote:

> Hi again.
>
> When I have more info (re the early CPU's etc)  I'll come back here with
> it.
>
> Agreed re "appliance" NAS devices, "shouldn=E2=80=99t be running arbitrar=
y
> code".  But see the recent news re most WD MyCloud devices!Hard coded
> back door's etc, so "some malicious bar steward" could probably plant
> such if they wished.
>
> Do you know about the "Shodan" search engine?   That makes it all too
> easy to find web facing appliances.  Cameras, drives, printers, PVR's,
> light bulbs and other IoT "things"...   https://www.shodan.io/   Enjoy!
>
> Thanks for now.
>
>     Dave B
>
> (G0WBX)
>
>
> On 10/01/18 11:23, Arthur Chance wrote:
> > On 10/01/2018 09:41, Dave B via freebsd-questions wrote:
> >> Hi Ed.
> >>
> >> Understood.   There's "a lot" of FreeBSD based kit out there, running =
on
> >> 32 bit hardware.  A lot of NAS's for one.   (I don=E2=80=99t suppose a=
ny of
> >> those commercial "appliances" will ever be updated though.)
> > An attack requires running code exploiting the vulnerability on the
> > target machine. NAS type appliances shouldn't allow arbitrary code to b=
e
> > run. (Emphasis on shouldn't, a lot of appliances seem not to care about
> > security.)
> >
> >> But from my understanding, this problem has probably been present sinc=
e
> >> 1995, and maybe even earlier.  There is a paper published somewhere th=
at
> >> documents such issues, dated around 1992!  Awaiting for the SN645 show
> >> notes to be published, for that info.
> > I can't find the article I was reading right now, but it said Intel
> > chips became vulnerable when the Westmere architecture (the 32 nm
> > version of Nehalem) was introduced back in 2010. That was the early day=
s
> > of the Core i[357] CPUs, so Core and Core 2 CPUs are probably too old t=
o
> > be affected.
> >
> >> (Keep an eye on  https://www.grc.com/securitynow.htm )
> >>
> >> The conclusion then, was that it was probably not a problem as would b=
e
> >> "too difficult" to manipulate for any gain.
> >>
> >> The machines I have, are ex Win'2000 boxes, so are probably affected.
> >> One of them was web facing.  It's not now!
> >>
> >> Best Regards.
> >>
> >> Dave B.
> >>
> >> (G0WBX)
> >>
> >>
> >>
> >> On 10/01/18 03:29, Ed Maste wrote:
> >>> On 9 January 2018 at 07:23, Dave B via freebsd-questions
> >>> <freebsd-questions@freebsd.org> wrote:
> >>>> When is a patch for i386 (32 bit) versions likely to be available?
> >>>>
> >>>> Regards.
> >>>>
> >>>> Dave B.
> >>>>
> >>>> (I only run non GUI 32 bit instances of FreeBSD, on older hardware,
> GPSD
> >>>> NTP machines etc.)
> >>> Similar techniques can be applied to i386, but they are a lower
> >>> priority and we don't yet have a timeline. I expect that i386 patches
> >>> will follow after the full set of mitigations have been applied to
> >>> amd64.
> >>>
> >>> Note that if the "older hardware" is old enough it may predate these
> issues.
> >> _______________________________________________
> >> freebsd-questions@freebsd.org mailing list
> >> https://lists.freebsd.org/mailman/listinfo/freebsd-questions
> >> To unsubscribe, send any mail to "freebsd-questions-
> unsubscribe@freebsd.org"
> >>
> >
>
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-
> unsubscribe@freebsd.org"
>



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?CALfReyc42mQ4L11T2VfP_jOikx=yAw1R_oQTG3iWO9VX9_iMHQ>