Published in News

Linux offers to ignore Meltdown and Spectre

by on04 February 2019


At the request of administrators

The Linux kernel will disable mitigations for the meltdown and spectre bugs.

Despite being more than one year old, the Meltdown or Spectre vulnerabilities have remained a theoretical threat, but no malware strain or threat actor has ever used any in a real-world attack.

The only problem is that the mitigations slow down chips to the speed of an asthmatic ant with a heavy load of shopping. System and network administrators have called on the Linux project for options to disable these protections.

Many argued that the threat is theoretical and could easily be mitigated with proper perimeter defences.

Even Linus Torvalds has called for a slowdown in the deployment of some performance-hitting Spectre mitigations.

The Linux kernel team has reacted positively towards these requests and has been slowly adding controls to disable some of the more problematic mitigations.

The latest effort to have mitigations turned off -- and stay down -- is the addition of the PR_SPEC_DISABLE_NOEXEC control bit to the Linux kernel.

This bit will prevent child processes from starting in a state where the protections for Spectre v4 are still activated, despite being deactivated in the parent process.

 

Last modified on 04 February 2019
Rate this item
(0 votes)