WelcomeWelcome | FAQFAQ | DownloadsDownloads | WikiWiki

Author Topic: Meltdown and Spectre Vulnarablity  (Read 3040 times)

Offline Pats

  • Sr. Member
  • ****
  • Posts: 322
Meltdown and Spectre Vulnarablity
« on: June 30, 2018, 05:34:56 AM »
From a common small users POView, is Tinycorelinux Safe and Secure from Meltdown vulnarablity ?

What I know abt it is : 
Meltdown and /or Spectre  exploit can access any kind of priviledged data like pwords, emails, personal info in memory which only a CPU processor can have access while executing low-level instructions.
Ordinarily, the mechanisms described above are considered secure. They provide the basis for most modern operating systems and processors. Meltdown exploits the way these features interact, to bypass the CPU's fundamental privilege controls and access privileged and sensitive data from the operating system and other processes.

One can say that the data that is mapped in virtual memory (much of which the process is not supposed to be able to access), and look at how the CPU responds when a process attempts to access unauthorized memory. The process is running on a vulnerable version of Windows, Linux , or MacOS, on a 64 bit processor of a vulnerable type.  Unfortunately this is a very common combination across almost all desktop computers, notebooks, laptops, servers and mobile devices.

1) Is it solvable at TCL lvl or at Linux Kernel level from Mr. Linus T ? 
2) Does it affect only 64-bit OS or 32-bit is also  vulnarable ?
3) Should we worry as of now ?

Just curious  !

Offline curaga

  • Administrator
  • Hero Member
  • *****
  • Posts: 11049
Re: Meltdown and Spectre Vulnarablity
« Reply #1 on: June 30, 2018, 02:23:56 PM »
TC is just as vulnerable as every other OS.
The only barriers that can stop you are the ones you create yourself.

Offline figosdev

  • Newbie
  • *
  • Posts: 2
Re: Meltdown and Spectre Vulnarablity
« Reply #2 on: July 07, 2018, 02:50:52 PM »
Alex Oliva, the author of Linux-libre, is working on an article explaining why these vulnerabilities arent a real threat to people who only use free software.

Ive shared my own scepticism about this; he and I have spoken back and forth about it, and it is at least worth a read. I dont know if hes published it yet, Im just passing word along.

I dont take vulnerabilities lightly; personally I think it is going to become increasingly impossible to be secure without libre hardware, and Olivas article is moot if you dont whitelist javascript on websites. It is important to consider his point however, if you are one of those people who consider non-free microcode patches a problem. Obviously, most people do not; for those who do, this is important. "Do we need these patches (to be secure) or not?" I hope he publishes soon, so his points can be reviewed by more people.

Offline Pats

  • Sr. Member
  • ****
  • Posts: 322
Re: Meltdown and Spectre Vulnarablity
« Reply #3 on: July 23, 2018, 01:25:07 AM »
Quote
Alex Oliva, the author of Linux-libre, is working on an article explaining why these vulnerabilities arent a real threat to people who only use free software..

On a lighter vein , the obvious reason - why it is not a real threat to majority of free software user .. , may be beacuase there seems to be no attraction for hckers for any monetary gains !

... By the way , have read somewhere that , Qubes OS  has been approved by NSA whistleblower Edward Snowden  for  security features ! ... Wonder  , what is so special about Qubes features , that is not posible or present  in TCL !!

Offline vinceASPECT

  • Hero Member
  • *****
  • Posts: 810
Re: Meltdown and Spectre Vulnarablity
« Reply #4 on: July 23, 2018, 09:34:03 AM »
Hello there,

Well it's interesting ......the Intel patches and so forth stop it.   Although, this is an extremely extremely extremely old flaw (perhaps oceans of Ex's really).....they'v always known about it. Therefor it has existed for an extremely long while....and indeed masses of multiples of times over (it could have been discovered........ but never was)......exponentially oceans of them.

you must also apply that adage above.....to......... well .........how much dissemination of the bugs has taken place....?..... .and maybe in another (ocean of dinosaurs later)......people will discover how to gather  (Spectre/Meltdown) dust  while the hardware world has all moved on.

That is mostly what people know.     

Remember  KEY LOGGER thumb plugs.....?......that's a whole computer, designed for it's purpose which is a reality......don't people think about what "could" happen if you don't understand how nothing ever did happen.

The real scenario to consider, is the world of it and e-commerce wanting re-compense for service and hard/w agreements as to them being pursuing a compensation model.

V









Offline Pats

  • Sr. Member
  • ****
  • Posts: 322
Re: Meltdown and Spectre Vulnarablity
« Reply #5 on: July 27, 2018, 12:35:20 AM »
Quote
...the Intel patches and so forth stop it.   Although, this is an extremely extremely extremely old flaw (perhaps oceans of Ex's really).....they'v always known about it
Best reason to force consumers to scrap all old computers and adopt new harware .. Clever marketing tactics from hardware and software vendors !

Quote
..The real scenario to consider, is the world of it and e-commerce wanting re-compense for service and hard/w agreements as to them being pursuing a compensation model.

.. Again money matters and Sales promotion of e-commerce push !
... Thinking from a different angle from your side ! :)

Offline vinceASPECT

  • Hero Member
  • *****
  • Posts: 810
Re: Meltdown and Spectre Vulnarablity
« Reply #6 on: July 27, 2018, 10:15:01 AM »
Hello there,

Very interesting view(s) from an angle less perceived or believed but certainly an existing possibility.

yes.

Thankyou

Vin