lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <575b6581-7dcb-96a9-b06e-9f74dda5fa86@gmx.com>
Date:   Sat, 25 Aug 2018 10:42:37 +0000
From:   "Artem S. Tashkinov" <aros@....com>
To:     linux-kernel@...r.kernel.org
Subject: Disabling CPU vulnerabilities workarounds

Hello LKML,

As time goes by more and more fixes of Intel/AMD/ARM CPUs 
vulnerabilities are added to the Linux kernel without a simple way to 
disable them all in one fell swoop.

Disabling is a good option for strictly confined environments where no 
3d party untrusted code is ever to be run, e.g. a rendering farm, a 
supercomputer, or even a home server which runs Samba/SSH server and 
nothing else.

I wonder if someone could wrote a patch which implemented the following 
two options for the kernel:

* A boot option option which allows to disable most runtime 
protections/workarounds/fixes (as far as I understand some of them can't 
be reverted since they are compiled in or use certain GCC flags), e.g. 
let's call it "insecure" or "insecurecpumode".

* A compile-time CONFIG_ option which disables all these fixes 
_permanently_ without a way to turn them later back on during runtime.

Right now linux/Documentation/admin-guide/kernel-parameters.txt is a 
mess of various things which take ages to sift through and there's zero 
understanding whether you've found everything and correctly disabled it.


Best regards,
Artem

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ