Linus torvalds, ο πρωταρχικός δημιουργός του Linux, ανακοίνωσε καλά και κακά νέα για τα security gaps Meltdown and Spectre. The good news is that Linux Kernel 4.15 has been released and is "quiet and small, no last-minute panic, with minor fixes for various issues".
The bad news? "We're not done with it Spectre – Meltdown.”
In the Linux Kernel mailing list (Linux Kernel Mailing List or LKML), Torvalds reports:
"Most of the 4.15 project was all the regular boring stuff and I mean it was done in the best possible way that may not be glamorous to get titles, but is the bread and butter of core development."
"While Spectre/Meltdown was obviously the big news of this development cycle, it's worth noting that we also had all the regular updates and that work everywhere else didn't stop, and it didn't take away caution of developers from CPU issues. In the big picture, 4.15 looks perfectly normal, with two-thirds of the full patch being drivers … and not for reducing CPU bugs.”
But, trying to fix the problems that appeared with the vulnerabilities Meltdown και Specter, οι προγραμματιστές “ξόδεψαν” πολύ καιρό για προβλήματα που δεν έχουν ολοκληρωθεί ακόμα. Πρώτα απ ‘όλα, όπως όλοι οι προγραμματιστές κάθε λειτουργικού συστήματος, και αυτοί του Linux περιμένουν από τους σχεδιαστές hardware της Intel να ολοκληρώσουν τις ενημερώσεις σε firmware and microcode.
In its latest quarterly report, Intel CEO Brian Krzanich said that Intel will "restore the confidence in data security with a first urgent, transparent and timely communication with the customer". We are still waiting.
Krzanich also said that Intel is "working around the clock" to mitigate the Meltdown and Specter flaws and that the company will release updated chips later this year to provide a permanent fix. In the long run, defining these hardware architectural design problems may even require them users to replace their CPUs.
Meanwhile, Torvalds developers for the Linux kernel know the job is not done.
Torvalds said: "It is worth noting that we are not ready with Specter / Meltdown. It takes more time (arm, specter-v1, etc.) ”
Torvalds believes that “we will have a normal and completely boring development cycle for the 4.16 kernel. "Because boring is really good."
- Windows vs Linux you like does not like it
- Kernel 4.14.15 fixes 2 on 3 Variants of Specter & Meltdown