[Semibug] OpenBSD vulnerable to Meltdown & Spectre?

Kyle Willett kyle.d.willett at gmail.com
Wed Jun 7 14:36:03 EDT 2023


Hi Jonathan,

Disabling SMT has helped a lot in mitigating side channel attacks from
what I've read on /r/OpenBSD when this question comes up.  Disabling
SMT is not a panacea from what I've read though.  Combined with using
new processors with actual hardware mitigations and updated microcode
will get you almost to 100% protection.  If you are still rocking say
a gen 8 Intel chip then there is only so much that software can
mitigate.  Keep in mind that apparently only Intel microcode is updated
in OpenBSD, not AMD (I didn't know this myself until I read it by some
developers on the OpenBSD reddit page).  So, if you have an AMD CPU
like me in my OpenBSD laptop you have to install BIOS updates to get
new security features.

Hope that helps sir!

Kyle

On 6/7/23, Jonathan Drews <jondrews at fastmail.com> wrote:
> Is OpenBSD with a host based firewall safe against the Spectre and
> Meltdown exploits? Here are my simple firewall rules:
>
> #       $OpenBSD: pf.conf,v 1.55 2017/12/03 20:40:04 sthen Exp $
> #
> # See pf.conf(5) and /etc/examples/pf.conf
>
> set skip on lo
>
> block in all
> pass out all
>
>
> In order to execute Spectre and Meltdown, is access to a user account
> necessary?
>
> --
> Kind regards,
> Jonathan
>