From: Rich Freeman
Date: Fri, 5 Jan 2018 08:08:17 -0500
Subject: Re: [gentoo-user] Re: old kernels are installed during the upgrade
To: gentoo-user@lists.gentoo.org

On Fri, Jan 5, 2018 at 7:34 AM, Walter Dnes wrote:
>
> I wonder if it's possible to compile a web browser with protection
> against the exploits, but turn it off for other apps. That would
> protect against external attacks, while not hurting local app speed.
>

There are three exploits, all requiring different solutions. Only exploit 3 has a solution which impacts speed.

Trying to fix exploit 3 in the browser seems dubious. You'd need to detect code patterns that could be trying to trigger the exploit before they're run, because the CPU itself isn't going to provide any protection here.

Exploit 3 is the only exploit that doesn't require some kind of underlying vulnerability in a piece of software that is being attacked (in addition to the CPU vulnerability). Exploits 1/2 do require fixes in the browser already, but those don't significantly impact performance. Those fixes are also still being worked on.

--
Rich