Re: [ANNOUNCE] 4.19.50-cip3 and 4.4.181-cip33
Pavel Machek
Hi!
from each other. We simply don't allow code execution for untrusted
parties.
If someone decides to combine "top secret document storage" and
"honeypot giving shell to attackers" on single machine, well, they are
asking for trouble.
Best regards,
Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
Well, most systems do not really need to protect local user's secretsAlthough patches for MDS are included in this release, no test code has beenI wouldn't see it that extreme, it still heavily depends on what you are running and where. Also, the attacks are getting more complex.
published for these, so we have not tested for MDS. Also, patches did not
really follow the stable rules, so they could not be checked the same way
as checking for other patches. But the bug is ugly enough so we included
the patches anyway.
For the above reasons, modern x86 CPUs can not really be trusted with secrets;
similar attacks are likely to happen in future.
from each other. We simply don't allow code execution for untrusted
parties.
If someone decides to combine "top secret document storage" and
"honeypot giving shell to attackers" on single machine, well, they are
asking for trouble.
Best regards,
Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html