| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 28 Sep 2008 20:53:10 -0600 From: Theo de Raadt <deraadt@....openbsd.org> To: Brett Lymn <blymn@...systems.com.au> Cc: Florian Weimer <fw@...eb.enyo.de>, B 650 <dunc.on.usenet@...glemail.com>, bugtraq@...urityfocus.com Subject: Re: Sun M-class hardware denial of service > > Oh I get it. > > > > No you don't. > > > You can use a "trust relationship with your > > administrators" to get around the fact that Sun sold a piece of > > hardware which does not provide the isolation they promised in their > > white papers and documentation. > > > > It is a bug. What you seem to be unable to grasp is that you can > configure the officially supported operating system to mitigate the > effects of that bug. I guess you don't want to accept that because it > diminishes the size of the problem. Oh you can avoid the problem by using only the vendor recommended configurations! Or so you think. A Solaris kernel module could trigger exactly the same bug. You'll see... you'll see.... You demand too little from your vendors; you probably get very little as a result..
Powered by blists - more mailing lists