WelcomeWelcome | FAQFAQ | DownloadsDownloads | WikiWiki

Author Topic: Meltdown and Spectre Vulnarablity  (Read 152 times)

Offline Pats

  • Full Member
  • ***
  • Posts: 211
Meltdown and Spectre Vulnarablity
« on: June 30, 2018, 02:34:56 AM »
From a common small users POView, is Tinycorelinux Safe and Secure from Meltdown vulnarablity ?

What I know abt it is : 
Meltdown and /or Spectre  exploit can access any kind of priviledged data like pwords, emails, personal info in memory which only a CPU processor can have access while executing low-level instructions.
Ordinarily, the mechanisms described above are considered secure. They provide the basis for most modern operating systems and processors. Meltdown exploits the way these features interact, to bypass the CPU's fundamental privilege controls and access privileged and sensitive data from the operating system and other processes.

One can say that the data that is mapped in virtual memory (much of which the process is not supposed to be able to access), and look at how the CPU responds when a process attempts to access unauthorized memory. The process is running on a vulnerable version of Windows, Linux , or MacOS, on a 64 bit processor of a vulnerable type.  Unfortunately this is a very common combination across almost all desktop computers, notebooks, laptops, servers and mobile devices.

1) Is it solvable at TCL lvl or at Linux Kernel level from Mr. Linus T ? 
2) Does it affect only 64-bit OS or 32-bit is also  vulnarable ?
3) Should we worry as of now ?

Just curious  !

Offline curaga

  • Administrator
  • Hero Member
  • *****
  • Posts: 9806
Re: Meltdown and Spectre Vulnarablity
« Reply #1 on: June 30, 2018, 11:23:56 AM »
TC is just as vulnerable as every other OS.
The only barriers that can stop you are the ones you create yourself.

Offline figosdev

  • WikiUser
  • *
  • Posts: 2
Re: Meltdown and Spectre Vulnarablity
« Reply #2 on: July 07, 2018, 11:50:52 AM »
Alex Oliva, the author of Linux-libre, is working on an article explaining why these vulnerabilities arent a real threat to people who only use free software.

Ive shared my own scepticism about this; he and I have spoken back and forth about it, and it is at least worth a read. I dont know if hes published it yet, Im just passing word along.

I dont take vulnerabilities lightly; personally I think it is going to become increasingly impossible to be secure without libre hardware, and Olivas article is moot if you dont whitelist javascript on websites. It is important to consider his point however, if you are one of those people who consider non-free microcode patches a problem. Obviously, most people do not; for those who do, this is important. "Do we need these patches (to be secure) or not?" I hope he publishes soon, so his points can be reviewed by more people.