lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <7d2e1c7f-d778-4a5a-b566-6f99a1d78838@amazon.com>
Date: Tue, 1 Oct 2024 15:21:42 -0700
From: "Manwaring, Derek" <derekmn@...zon.com>
To: <david.kaplan@....com>
CC: <bp@...en8.de>, <dave.hansen@...ux.intel.com>, <derekmn@...zon.com>,
	<hpa@...or.com>, <jpoimboe@...nel.org>, <linux-kernel@...r.kernel.org>,
	<mingo@...hat.com>, <pawan.kumar.gupta@...ux.intel.com>,
	<peterz@...radead.org>, <tglx@...utronix.de>, <x86@...nel.org>
Subject: RE: [RFC PATCH 18/34] Documentation/x86: Document the new attack
 vector controls

On 2024-10-01 01:53+0000 David Kaplan wrote:
> On 2024-09-30 17:43-0700 Derek Manwaring wrote:
> > I think it'd be useful to get to a point that if someone comes across one of the
> > many papers & issue names, they could find it here and have an idea of how
> > it impacts their workload. Maybe this isn't the place for that kind of a
> > glossary, but interested in hearing where you see something like that fitting
> > in. If we could at least add a column or footnote for each to capture
> > something like "SRSO is also known as Inception and CVE-2023-20569," I
> > think that would go a long way to reduce confusion.
>
> That's a good idea.  One thought could be a new documentation file which could
> map CVE numbers to vendor/researcher names, kernel options, and related
> documentation.  Some of the issues already have their own documentation files
> with more details, but not all do.  I tend to agree it would be nice to have
> something easily searchable to help navigate all the names/acronyms.
>
> Open to other ideas on how to present the info, but this seems like a good
> thing to add somewhere.

Great, yeah if not as an addition to "Summary of attack-vector mitigations,"
maybe a new table in hw-vuln/index would be a good place.

Derek

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ