Open Source and information security mailing list archives
 
Date: Sun, 28 Sep 2008 20:14:35 -0600
From: Theo de Raadt <deraadt@....openbsd.org>
To: Brett Lymn <blymn@...systems.com.au>
Cc: Florian Weimer <fw@...eb.enyo.de>,
	B 650 <dunc.on.usenet@...glemail.com>, bugtraq@...urityfocus.com
Subject: Re: Sun M-class hardware denial of service 

> and apparently you cannot read the whole message - I said "too bad if
> OpenBSD cannot do this"...
> 
> > If you put someone running OpenBSD into a zone, and that zone locks up
> > completely and cannot be reset because of a flaw Sun has now admitted,
> > then if you NEED that zone back, you have to power the machine down.
> > 
> 
> are you talking hardware zone or a Solaris zone?  You are being sloppy
> with your terminology.

OpenBSD of course cannot run in a Solaris zone.

OpenBSD can run in a hardware zone, and when something it does (which
we don't know yet) locks up that hardware zone, the only way to get
the hardware zone back is to POWER THE MACHINE OFF.  That is a lack
of hardware zoning, or isolation.  That is not what people paid a lot
of money for.

Those customers really expected that the machine would not need a
powerdown to get around a bug in hardware zones.

> > If you don't understand that, you must be really really stupid.
> >
> 
> Here we go again - any time anyone disagrees with you they are too
> stupid to see.  Sorry, I don't buy it.  You are just trying to beat
> something up.

Sun and Fujitsu will be releasing a fix eventually.

> > You want to talk about trust?  The entire idea is that you could
> > TRUST the zones to do their job.
> >  
> 
> Do you have any evidence to the contrary that a Solaris zone cannot
> prevent random kernel modules being loaded?

No one is talking about Solaris zones except you.  This problem takes
a hardware zone down, and the only way to get the zone back is to power
the machine off.

> If you don't then you are
> just spreading FUD.

Why don't we wait for Sun to release the fix, and then you can eat
your words.
