1476925110 J * fstd_ ~fstd@x4db6c91e.dyn.telefonica.de
1476925111 Q * fstd Read error: Connection reset by peer
1476925126 N * fstd_ fstd
1476927915 J * aj__ ~aj@x590d6e43.dyn.telefonica.de
1476928304 Q * derjohn_mobi Ping timeout: 480 seconds
1476934808 M * gnarface https://news.slashdot.org/story/16/10/19/2358209/researchers-bypass-aslr-protection-on-intel-haswell-cpus
1476934827 M * gnarface linux-vserver kernels are immune to this attack though, right?
1476934846 M * gnarface i mean, at least, the attack can't jump guests, is what i'm saying
1476934853 M * gnarface or, asking, rather
1476934856 M * gnarface right?
1476935066 M * Bertl well, ASLR is basically obfuscation
1476935095 M * Bertl i.e. it is not 'security' per se, it is just making it more complicated to run attacks
1476935138 M * Bertl the research showed that the obfuscation is not as good as expected
1476935197 M * gnarface i see
1476935204 M * Bertl can it be 'used' across guests? likely .. does it lower the security between guests? doesn't look like
1476935219 M * gnarface ok, i guess that's what i was asking
1476938677 M * Bertl off to bed now ... have a good one everyone!
1476938679 N * Bertl Bertl_zZ
1476946394 J * Ghislain ~ghislain@adsl1.aqueos.com
1476951013 M * DelTree_ \_o< ~ Coin ~ >o_/
1476953234 Q * aj__ Ping timeout: 480 seconds
1476956460 J * aj__ ~aj@b2b-94-79-172-98.unitymedia.biz
1476957827 Q * aj__ Ping timeout: 480 seconds
1476957952 J * geos_one ~chatzilla@213-47-170-183.static.upcbusiness.at
1476958842 J * aj__ ~aj@b2b-94-79-172-98.unitymedia.biz
1476958948 N * Bertl_zZ Bertl
1476958952 M * Bertl morning folks!
1476965378 Q * Aiken Remote host closed the connection
1476971376 Q * aj__ Ping timeout: 480 seconds
1476972439 J * aj__ ~aj@b2b-94-79-172-98.unitymedia.biz
1476978467 M * CcxWrk Any idea on whether https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7117 affects VServer kernels? I can't seem to find the version of earliest affected kernel anywhere.
1476978520 M * CcxWrk The recvmmsg() system call was added in Linux 2.6.33. But no clue about the vulnerability itself.
1476978602 Q * geos_one Quit: ChatZilla 0.9.92 [Firefox 49.0/20160927190530]
1476978939 M * Bertl well, as it says: kernels _before_ 4.5.2 this is likely to affect any Linux-VServer kernels before that version
1476979485 M * CcxWrk Yeah. Needless to say remote execution of code is "pretty bad".
1476979591 M * Bertl I'm pretty sure patches and kernel updates will show up soon
1476979768 M * CcxWrk Oh, it's been fixed in upstream since 4.5.2 and been backported to many distro kernels. But if I don't use those, does that mean I need to maintain my own set of security fixes on top of vserver patchset?
1476979824 M * CcxWrk Are the 4.1 patches on 13thfloor useable? They don't show up on the main site.
1476979982 M * Bertl that is mainly because the script updating the main page has not been updated to handle 4.x kernels yet
1476979992 M * CcxWrk I see.
1476980487 M * Bertl off for now ... bbl
1476980489 N * Bertl Bertl_oO
1476980541 M * CcxWrk Is there a maintained patchset (in some distro?) which includes security fixes and vserver?
1476980543 M * CcxWrk Seeya!
1476980725 M * Ghislain i do not think vserver patch is in any distro right now, perhaps gentoo but low chance
1476980843 M * CcxWrk No, got removed. I proxy-maint the util-vserver now though which is still in.
1476981010 M * CcxWrk I might be able to get the kernels back in with some effort, or we can just make an overlay.
1476981617 Q * aj__ Ping timeout: 480 seconds
1476989935 Q * Ghislain Quit: Leaving.
1476992089 J * Aiken ~Aiken@d63f.h.jbmb.net
1476995495 J * aj__ ~aj@x590d6e43.dyn.telefonica.de