<![CDATA[FFS again??]]>FFS again?? https://github.com/0xdeadbeefnetwork/Copy_Fail2-Electric_Boogaloo

If you have a modular kernel, blocking loading of modules esp4 and esp6 (IPsec 💩) in modprobe.d config should mitigate.

Given that this is the second time, a system-global seccomp filter blocking all splice-type syscalls/syscall-flags would probably be safer.

]]>https://board.circlewithadot.net/topic/170af55e-b3c4-4148-97a0-dc87e528e374/ffs-againRSS for NodeFri, 15 May 2026 04:15:28 GMTThu, 07 May 2026 20:13:27 GMT60<![CDATA[Reply to FFS again?? on Thu, 07 May 2026 20:45:18 GMT]]>@dalias @alwayscurious (by "normal users" I mean "people who haven't yet studied the arcane magicks of io_uring)

]]>https://board.circlewithadot.net/post/https://social.treehouse.systems/users/ska/statuses/116535244755472551https://board.circlewithadot.net/post/https://social.treehouse.systems/users/ska/statuses/116535244755472551Thu, 07 May 2026 20:45:18 GMT<![CDATA[Reply to FFS again?? on Thu, 07 May 2026 20:44:34 GMT]]>@dalias @alwayscurious splice is the only zero-copy mechanism available to normal users. I would hate to disable it. I'd rather disable the kernel modules one by one (for now, only relatively obscure stuff has been revealed to be broken; this may change in the future).

]]>https://board.circlewithadot.net/post/https://social.treehouse.systems/users/ska/statuses/116535241897832319https://board.circlewithadot.net/post/https://social.treehouse.systems/users/ska/statuses/116535241897832319Thu, 07 May 2026 20:44:34 GMT<![CDATA[Reply to FFS again?? on Thu, 07 May 2026 20:24:39 GMT]]>@alwayscurious Yes, if you're trying to run a business with millions of concurrent users efficiently rather than just paying AWS obscene amounts of money and passing on the cost to your customers.

For any ordinary desktop or server applications though? No, it's useless premature optimization, and now known to be extremely unsafe in how it's implemented.

]]>https://board.circlewithadot.net/post/https://hachyderm.io/users/dalias/statuses/116535163611206349https://board.circlewithadot.net/post/https://hachyderm.io/users/dalias/statuses/116535163611206349Thu, 07 May 2026 20:24:39 GMT<![CDATA[Reply to FFS again?? on Thu, 07 May 2026 20:22:28 GMT]]>@dalias Is splice even useful nowadays?

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/alwayscurious/statuses/116535155012781531https://board.circlewithadot.net/post/https://infosec.exchange/users/alwayscurious/statuses/116535155012781531Thu, 07 May 2026 20:22:28 GMT<![CDATA[Reply to FFS again?? on Thu, 07 May 2026 20:21:50 GMT]]>@emma Yes, it's the same, and the mitigation is exactly what I was recommending.

]]>https://board.circlewithadot.net/post/https://hachyderm.io/users/dalias/statuses/116535152527230808https://board.circlewithadot.net/post/https://hachyderm.io/users/dalias/statuses/116535152527230808Thu, 07 May 2026 20:21:50 GMT<![CDATA[Reply to FFS again?? on Thu, 07 May 2026 20:20:40 GMT]]>@emma Looking. I think this is the same vuln.

]]>https://board.circlewithadot.net/post/https://hachyderm.io/users/dalias/statuses/116535147953269619https://board.circlewithadot.net/post/https://hachyderm.io/users/dalias/statuses/116535147953269619Thu, 07 May 2026 20:20:40 GMT<![CDATA[Reply to FFS again?? on Thu, 07 May 2026 20:16:27 GMT]]>@dalias okay, I'm not a kernel person, should we be applying the mitigation described here, or something similar? https://github.com/V4bel/dirtyfrag Or do I go back to MacOS until there's a fix?

]]>https://board.circlewithadot.net/post/https://orbital.horse/users/emma/statuses/116535131335938934https://board.circlewithadot.net/post/https://orbital.horse/users/emma/statuses/116535131335938934Thu, 07 May 2026 20:16:27 GMT