lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 11 Jan 2018 21:32:13 +0100
From:   Greg KH <greg@...ah.com>
To:     Corey Minyard <cminyard@...sta.com>
Cc:     linux-kernel <linux-kernel@...r.kernel.org>
Subject: Re: Backport of KPTI to 2.6.32 available

On Thu, Jan 11, 2018 at 11:42:38AM -0600, Corey Minyard wrote:
> I've completed a backport of KPTI from linux-stable-3.2.y to 2.6.32.71, in
> case anyone is interested and wants to avoid all the work I went through.
> It's available at:
> 
> https://github.com/MontaVista-OpenSourceTechnology/linux-nonlts-secfix.git
> linux-2.6.32-secfix
> 
> I'll try to keep it up to date with fixes andn with Spectre fixes.

That's crazy, why update it now, when it's missing hundreds, if not
thousands, of other much more severe security fixes?  What makes this
one more "urgent" than all of the others?

Anyway, anyone running this branch is getting a very false sense of "I'm
running a fixed kernel!"  I strongly recommend it not be used for
anything...

> A 3.10 branch will hopefully be coming, too.

Again, why?  There's backports for this in the android-common tree if
you really want it.  But again, you really do not.

thanks,

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ