| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <5af37236-481c-1edf-7a09-75369004153e@mvista.com> Date: Thu, 11 Jan 2018 15:10:51 -0600 From: Corey Minyard <cminyard@...sta.com> To: Greg KH <greg@...ah.com> Cc: linux-kernel <linux-kernel@...r.kernel.org> Subject: Re: Backport of KPTI to 2.6.32 available On 01/11/2018 02:32 PM, Greg KH wrote: > On Thu, Jan 11, 2018 at 11:42:38AM -0600, Corey Minyard wrote: >> I've completed a backport of KPTI from linux-stable-3.2.y to 2.6.32.71, in >> case anyone is interested and wants to avoid all the work I went through. >> It's available at: >> >> https://github.com/MontaVista-OpenSourceTechnology/linux-nonlts-secfix.git >> linux-2.6.32-secfix >> >> I'll try to keep it up to date with fixes andn with Spectre fixes. > That's crazy, why update it now, when it's missing hundreds, if not > thousands, of other much more severe security fixes? What makes this > one more "urgent" than all of the others? > > Anyway, anyone running this branch is getting a very false sense of "I'm > running a fixed kernel!" I strongly recommend it not be used for > anything... Yes, this is not useful as it is, you must be maintaining the kernel separately. I put this out as a help to anyone else who might need this. I certainly don't expect it to be used as-is. >> A 3.10 branch will hopefully be coming, too. > Again, why? There's backports for this in the android-common tree if > you really want it. But again, you really do not. Oh yeah, I guess the android kernel would be the way to go here. Never mind. -corey
Powered by blists - more mailing lists