Intel processor design flaw requiring ROS kernel mode change

dizt3mp3r
Posts: 1508
Joined: Mon Jun 14, 2010 5:54 pm

Re: Intel processor design flaw requiring ROS kernel mode ch

Post by dizt3mp3r » Thu Jan 04, 2018 4:32 pm

Fraizeraust wrote: This hardware bug will also affect ReactOS, no doubt. The main question is, do we have an active kernel developer who can tackle this critical flaw for the better?
Alex Ionescu is quoted on The Register, so I assume it is in the pipeline already?
Skillset: VMS sysadmin 20 years, fault Tolerance, cluster, Vax, Alpha, ftSparc. DCL, QB45, VB6, NET, PHP, JS, CMS, Graphics, Project Manager, DOS, Windows admin from 1985. Quad Electronics. Classic cars & motorbikes. Artist watercolours. Historian.

Post by dizt3mp3r » Thu Jan 04, 2018 4:43 pm

https://googleprojectzero.blogspot.co.u ... -side.html

Intel(R) Xeon(R) CPU E5-1650 v3 @ 3.50GHz (called "Intel Haswell Xeon CPU" ...)
AMD FX(tm)-8320 Eight-Core Processor (called "AMD FX CPU" ...)
AMD PRO A8-9600 R7, 10 COMPUTE CORES 4C+6G (called "AMD PRO CPU" ...)
An ARM Cortex A57 core of a Google Nexus 5x phone [6] (called "ARM Cortex A57" ...)

These are the CPUs tested by the Google team that announced the vulnerability, but the exploit is not limited to these CPUs.

Post by Adcock » Thu Jan 04, 2018 5:23 pm

dizt3mp3r wrote: FYI Latest news would imply that even dual core CPUs prior to 2007 would also be affected by the same weakness/potential exploit. This particular functionality has been used in Intel CPUs since 1995.
Thanks. That's not exactly the answer but if that is the thing then the answer matters less.

What is the meaning of FYI, PS, PPS, re?
Last edited by Adcock on Thu Jan 04, 2018 5:45 pm, edited 2 times in total.

Post by dizt3mp3r » Thu Jan 04, 2018 5:35 pm

FYI - for your information
P.S. Post Script (Latin) - an extra sentence not necessarily in context with the rest of the note, added to the end, often abbreviated to PS.
P.P.S Post-post script, abbreviated often to PPS.

Apologies for their usage, I automatically assume understanding as these are part of normal English usage but I do appreciate some of these things are arcane and not so easy to guess.

Post by dizt3mp3r » Thu Jan 04, 2018 9:44 pm

FYI - Browser developers such as Firefox are reducing the accuracy of timing functions, as precise timing is required to exploit the Intel CPU side exploit flaw. The reduction in timer accuracy means that drive-by web-based exploits would be harder to carry out using JavaScript on the web. Other browser developers are considering a similar change as a temporary measure to help prevent any exploit in the wild.

This of course is only a temporary fix and does not mitigate all the other attack directions, be they browser-based, app, driver or program.
Last edited by dizt3mp3r on Thu Jan 04, 2018 9:52 pm, edited 1 time in total.
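Added example, not part of the original post and not Firefox's own code: a sketch of the timer-coarsening mitigation described in the post above. The function names, the 80 ns / 300 ns operation durations and the 20 µs granularity are constructed for illustration; the simulation shows that a threshold on a single measurement separates the two operations perfectly with a fine clock and drops to coin-flip accuracy once timestamps are rounded to a coarse grid.

```javascript
// Added illustration; names and sample values are constructed, not Firefox code.
// Times are integer nanoseconds to avoid floating-point rounding.

// Round a timestamp down to a multiple of the clock granularity.
function coarsen(tNs, granNs) {
  return Math.floor(tNs / granNs) * granNs;
}

// Replay operations of known true duration back-to-back on a simulated
// timeline and return the duration each appears to take through the clock.
function observe(trueDurationsNs, granNs) {
  let now = 0;
  return trueDurationsNs.map((d) => {
    const begin = coarsen(now, granNs);
    now += d;
    return coarsen(now, granNs) - begin;
  });
}

// Alternate "fast" and "slow" operations and report how often a simple
// threshold on one measurement labels them correctly (0.5 = coin flip).
function classifierAccuracy(fastNs, slowNs, granNs, pairs) {
  const durations = [];
  for (let i = 0; i < pairs; i++) durations.push(fastNs, slowNs);
  const threshold = (fastNs + slowNs) / 2;
  const seen = observe(durations, granNs);
  const correct = seen.filter((obs, i) => (obs > threshold) === (i % 2 === 1));
  return correct.length / seen.length;
}

// Estimate a clock's granularity as the smallest non-zero step between
// consecutive readings; pass () => performance.now() to check a real browser
// (that clock reports milliseconds, so the result is in milliseconds).
function smallestTick(now, samples = 10000) {
  let min = Infinity;
  let prev = now();
  for (let i = 0; i < samples; i++) {
    const t = now();
    if (t > prev) min = Math.min(min, t - prev);
    prev = t;
  }
  return min;
}

// Constructed sample: 80 ns vs 300 ns operations, 1 ns vs 20 µs clocks.
const fine = classifierAccuracy(80, 300, 1, 1000);
const coarse = classifierAccuracy(80, 300, 20000, 1000);
console.log({ fine, coarse });
```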

Post by dizt3mp3r » Thu Jan 04, 2018 9:51 pm

Fraizeraust wrote: This hardware bug will also affect ReactOS, no doubt. The main question is, do we have an active kernel developer who can tackle this critical flaw for the better?
Another reason why we should not currently be recommending 'using' ReactOS to anyone on real hardware until such a change is implemented - just a thought.

Whilst on the subject of installing ReactOS, I wonder what the implications are of running an insecure o/s that has an unpatched kernel as a virtual o/s on a host that has a vulnerable Intel CPU. I've heard that when this bug was discovered on Linux hypervisors the virtual o/s was able to access the host's kernel memory... That is frightening and it implies that ReactOS or any unpatched o/s is a potential trojan horse for an exploit. I don't mind being wrong on this, it is just a point of discussion that I feel needs to be opened...

Post by val » Thu Jan 04, 2018 10:05 pm

dizt3mp3r wrote: That is frightening and it implies that ReactOS or any unpatched o/s is a potential trojan horse for an exploit. I don't mind being wrong on this, it is just a point of discussion that I feel needs to be opened...
it's the same as with the OS vs. user process situation. because 1) the problem is in the wrong handling of speculatively executed instructions by CPU. it doesn't pay attention to the access violation in the way it should, letting an attacker get the idea of what data has been read from places he/she shouldn't be able to do. it equally applies to the Hypervisor/OS interface as to the OS/user process interface. and 2) virtualization never ever gave any additional security, it's a stupid pseudotechnology extensively abused for absolutely inappropriate goals. thanks to it, now patched and slowed down Windows/linux (or VaporWare, Hyper-V, whatever-hyper-overhyped(TM)) host will be running patched and slowed down linux/windows... of course the performance penalty will be *negligible*.

Post by dizt3mp3r » Thu Jan 04, 2018 10:51 pm

It is frightening as many will not appreciate the potential for Trojan Horse Exploits.

Most would assume that running as a virtual o/s in a VM is a suitable sandbox that protects the host o/s from any exploit.

Intel have really screwed up.

PS. Look Val - we can talk! :)

Post by dizt3mp3r » Thu Jan 04, 2018 10:52 pm

Here is the statement from AMD: http://www.amd.com/en/corporate/speculative-execution

Variant One (Bounds Check Bypass): Resolved by software / OS updates to be made available by system vendors and manufacturers. Negligible performance impact expected.

Variant Two (Branch Target Injection): Differences in AMD architecture mean there is a near zero risk of exploitation of this variant. Vulnerability to Variant 2 has not been demonstrated on AMD processors to date.

Variant Three (Rogue Data Cache Load): Zero AMD vulnerability due to AMD architecture differences.

Post by middings » Thu Jan 04, 2018 11:23 pm

CERT Vulnerability Notes Database wrote: Vulnerability Note VU#584653
CPU hardware vulnerable to side-channel attacks

Original Release date: 03 Jan 2018 | Last revised: 04 Jan 2018

Overview

CPU hardware implementations are vulnerable to side-channel attacks. These vulnerabilities are referred to as Meltdown and Spectre.
Before the revision, the recommended solution was to replace the CPU with an unaffected CPU. That probably sowed fear and panic throughout the IT and device industries.

Post by dizt3mp3r » Thu Jan 04, 2018 11:28 pm

ARM's response

https://developer.arm.com/support/security-update

Bu@@er - my old iPhone 4 has the exploit...

Post by dizt3mp3r » Fri Jan 05, 2018 12:20 am

This is the best summary I have found so far: https://www.theregister.co.uk/2018/01/0 ... erability/

Post by oldman » Fri Jan 05, 2018 10:28 am

Please keep the Windows classic (9x/2000) look and feel.
The layman's guides to - debugging - bug reporting - compiling - with some complementary scripts.
They may help you with a problem, so do have a look at them.

Post by Fraizeraust » Fri Jan 05, 2018 3:32 pm

Here are the results by Speculation-Control module.
It turns out the update by Microsoft Windows doesn't do anything to mitigate the Meltdown and Spectre bug. Looks like I need to update both the firmware and the BIOS as well; however, I'm scared that it will brick my Toshiba Satellite C660, rendering it unbootable... :(

Does anybody else know how I can update the BIOS safely?

Post by Fraizeraust » Fri Jan 05, 2018 4:48 pm

Welp, looks like I'm completely f*cked up. Went through the Toshiba Support web page looking for the newest BIOS update but the latest one is from 2012... Hopefully Toshiba will release an update; if not, then I'm screwed.
