From owner-freebsd-questions@freebsd.org Wed Jan 10 13:47:00 2018 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 554A9E9C59C for ; Wed, 10 Jan 2018 13:47:00 +0000 (UTC) (envelope-from kraduk@gmail.com) Received: from mail-it0-x233.google.com (mail-it0-x233.google.com [IPv6:2607:f8b0:4001:c0b::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 1CE81753FB; Wed, 10 Jan 2018 13:47:00 +0000 (UTC) (envelope-from kraduk@gmail.com) Received: by mail-it0-x233.google.com with SMTP id d137so16249776itc.2; Wed, 10 Jan 2018 05:47:00 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=0003hZw6ZxMphTq853Q0teYjO+bU7IH63DLDo+/4a2g=; b=bYO58XL4xvYskXwLF8XcKGJbM1qqCX41om4MwzvVOPZrwaTVVB92Oxj8Amn9mYiRHq SLyNiZrrqhzGmK+XKX5nDFYrYCuSNZDYaIUCCpwDnfIvJ+o90YFePLCXo3zwW7bphIqh LhsJFtPbQnLAQ5LlPqChAqgn6f5QrL3cqHhegX3/rT8iR+xOJ+9xFRXahqG4ZLOZUyJb 1SHcQ+PFPMd/CCZVm9Pze/Z0Yn0tzf0Jyjr6t3xAMQgXUxWJ5kG7VwyNZGoKL2/ValfD adLfZ37Pg3tNnZ0HDVntNeqqtiBlMFrYmYqdFPXbh5j3TPa2BFH79UkG+e9FzdJyN9Kh sZ9g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=0003hZw6ZxMphTq853Q0teYjO+bU7IH63DLDo+/4a2g=; b=kiD7zTCcnYA8YhRfMALEkclBhNRdr28KaKRQq6p/O/iJpq1g0GG8sGjxgJ8SKwK1+5 /WUhoNwpClIZKCgno5EHg/II6FiVSZ3HoL1W1IbKg2HU6lQ7/X79hXzH2u/YqiMbcZVW XI6EKMGhUDarmLjZ6t+hk6X7DB0sRpYScezDdGS8um4rKOtk9JclfGydK2YIRYMm8+ln 1OYjeNZU0WnvHkGOz6Oghct8EP6FV6A55persc1BywGEqvRImDk+s13k8GfhRHbAVKz7 RpiN0HefrgxnFMz8ShT6AoV/SaCn4Usj+Ijnv+8FE3UlZRYBViGC+1NeaYgTORXQEwrf IkFg== X-Gm-Message-State: AKwxytflvdnBuELHajxkyxCralvzGrHon+zOV5NKyHFwERgD7lOFPY45 O8tOjRYND7aVPKUFGz/DoBLIvEaX7uUP1CS2pZM= X-Google-Smtp-Source: ACJfBot9oIDcl9THdVtxvj4HGCy+dvnoxNnzFtpJFQ2aerOsJ8qgo0v5/LtaEeCo4js+mOZEA5O+7fJzH3IRQNJDHyU= X-Received: by 10.36.73.204 with SMTP id e73mr14176925itd.85.1515592019288; Wed, 10 Jan 2018 05:46:59 -0800 (PST) MIME-Version: 1.0 Received: by 10.2.112.76 with HTTP; Wed, 10 Jan 2018 05:46:58 -0800 (PST) In-Reply-To: <0b84bfbb-ef1b-f7d1-ca91-5bbbbb79595a@googlemail.com> References: <2e86bfd9-9141-2872-1946-0e9d26326433@googlemail.com> <6523f352-c895-e488-8006-76495907745a@googlemail.com> <49785edc-1ac4-48f3-bff0-19704dadc70b@qeng-ho.org> <0b84bfbb-ef1b-f7d1-ca91-5bbbbb79595a@googlemail.com> From: krad Date: Wed, 10 Jan 2018 13:46:58 +0000 Message-ID: Subject: =?UTF-8?Q?Re=3A_32_bit_fix=3F_=28Was_Re=3A_Meltdown_=E2=80=93_Spectre=29?= To: Dave B Cc: Arthur Chance , Ed Maste , FreeBSD Questions Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.25 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Jan 2018 13:47:00 -0000 Ideally no, but most do have the capability these days, as they are multi use systems. Eg freenas can run jails, and vms, unraid doing docker stuff etc...... On 10 January 2018 at 11:36, Dave B via freebsd-questions < freebsd-questions@freebsd.org> wrote: > Hi again. > > When I have more info (re the early CPU's etc) I'll come back here with > it. > > Agreed re "appliance" NAS devices, "shouldn=E2=80=99t be running arbitrar= y > code". But see the recent news re most WD MyCloud devices!Hard coded > back door's etc, so "some malicious bar steward" could probably plant > such if they wished. > > Do you know about the "Shodan" search engine? That makes it all too > easy to find web facing appliances. Cameras, drives, printers, PVR's, > light bulbs and other IoT "things"... https://www.shodan.io/ Enjoy! > > Thanks for now. > > Dave B > > (G0WBX) > > > On 10/01/18 11:23, Arthur Chance wrote: > > On 10/01/2018 09:41, Dave B via freebsd-questions wrote: > >> Hi Ed. > >> > >> Understood. There's "a lot" of FreeBSD based kit out there, running = on > >> 32 bit hardware. A lot of NAS's for one. (I don=E2=80=99t suppose a= ny of > >> those commercial "appliances" will ever be updated though.) > > An attack requires running code exploiting the vulnerability on the > > target machine. NAS type appliances shouldn't allow arbitrary code to b= e > > run. (Emphasis on shouldn't, a lot of appliances seem not to care about > > security.) > > > >> But from my understanding, this problem has probably been present sinc= e > >> 1995, and maybe even earlier. There is a paper published somewhere th= at > >> documents such issues, dated around 1992! Awaiting for the SN645 show > >> notes to be published, for that info. > > I can't find the article I was reading right now, but it said Intel > > chips became vulnerable when the Westmere architecture (the 32 nm > > version of Nehalem) was introduced back in 2010. That was the early day= s > > of the Core i[357] CPUs, so Core and Core 2 CPUs are probably too old t= o > > be affected. > > > >> (Keep an eye on https://www.grc.com/securitynow.htm ) > >> > >> The conclusion then, was that it was probably not a problem as would b= e > >> "too difficult" to manipulate for any gain. > >> > >> The machines I have, are ex Win'2000 boxes, so are probably affected. > >> One of them was web facing. It's not now! > >> > >> Best Regards. > >> > >> Dave B. > >> > >> (G0WBX) > >> > >> > >> > >> On 10/01/18 03:29, Ed Maste wrote: > >>> On 9 January 2018 at 07:23, Dave B via freebsd-questions > >>> wrote: > >>>> When is a patch for i386 (32 bit) versions likely to be available? > >>>> > >>>> Regards. > >>>> > >>>> Dave B. > >>>> > >>>> (I only run non GUI 32 bit instances of FreeBSD, on older hardware, > GPSD > >>>> NTP machines etc.) > >>> Similar techniques can be applied to i386, but they are a lower > >>> priority and we don't yet have a timeline. I expect that i386 patches > >>> will follow after the full set of mitigations have been applied to > >>> amd64. > >>> > >>> Note that if the "older hardware" is old enough it may predate these > issues. > >> _______________________________________________ > >> freebsd-questions@freebsd.org mailing list > >> https://lists.freebsd.org/mailman/listinfo/freebsd-questions > >> To unsubscribe, send any mail to "freebsd-questions- > unsubscribe@freebsd.org" > >> > > > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions- > unsubscribe@freebsd.org" >