From owner-freebsd-security@FreeBSD.ORG Sat May 14 07:06:31 2005 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 57A0916A4CE for ; Sat, 14 May 2005 07:06:31 +0000 (GMT) Received: from rproxy.gmail.com (rproxy.gmail.com [64.233.170.205]) by mx1.FreeBSD.org (Postfix) with ESMTP id F1ED643D81 for ; Sat, 14 May 2005 07:06:30 +0000 (GMT) (envelope-from chrcoluk@gmail.com) Received: by rproxy.gmail.com with SMTP id a41so497540rng for ; Sat, 14 May 2005 00:06:30 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=WNmm+xin3HHzOo+Le4J/yU0u/vZ0akiuqKRvDN/sCwwaltCTY2Lm/3BrkFcM97ZvkHz/B7XIHInXWKT3IWh/BYjw4On8YIyJ+glzFc4jbFCzP85lg89Q8e0X2IuKiIPEbGlNRQWvD98Z5TJkb1xiq81H3tGhHQl08F1wUULevcA= Received: by 10.38.71.27 with SMTP id t27mr1856768rna; Sat, 14 May 2005 00:06:30 -0700 (PDT) Received: by 10.39.1.30 with HTTP; Sat, 14 May 2005 00:06:30 -0700 (PDT) Message-ID: <3aaaa3a050514000629cc8427@mail.gmail.com> Date: Sat, 14 May 2005 08:06:30 +0100 From: Chris To: "Drew B. [Security Expertise/Freelance Security research]." In-Reply-To: <245f0df105051322354e8e86eb@mail.gmail.com> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline References: <245f0df105051318564b1ffb6b@mail.gmail.com> <94145.1116037219@critter.freebsd.dk> <245f0df105051322354e8e86eb@mail.gmail.com> cc: freebsd-security@freebsd.org cc: Poul-Henning Kamp Subject: Re: FreeBSD Security Advisory FreeBSD-SA-05:09.htt [REVISED] X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Chris List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 14 May 2005 07:06:31 -0000 I am somewhat confused by applying the patch, does this disable HTT functionality? or does a patched server close the issue and keep HTT enabled? Chris On 5/14/05, Drew B. [Security Expertise/Freelance Security research]. wrote: > The political problem is that if all operating systems do that, > Intel has a pretty dud feature on their hands, and they are not > particularly eager to accept that fact. >=20 > Hehehe... I cannot help but giigle abit, I didnt think this went that > deep :o , definately interesting stuff regarding the future of HT and > O/S Types,ty even though the answer may help someone else more, > Regards, > Drew B. >=20 > (Enlightening myself to inspire others is my answer to everything *No-Com= ment*) >=20 >=20 > On 5/14/05, Poul-Henning Kamp wrote: > > In message <245f0df105051318564b1ffb6b@mail.gmail.com>, "Drew B. [Secur= ity Expe > > rtise/Freelance Security research]." writes: > > > > >this sounds like trying to solve in the OS a problem that can only > > >be solved in the application. Is there something more subtle > > >that's going on? > > > > Well, the application could theoretically do something and Colin > > advocated it this morning: make the crypto code footprint data > > and key independent. While possible, it is both very tricky to > > do (in particular in highlevel languages) and generally found > > to be much slower than speed-optimized code. > > > > And while that could solve the immediate panic with OpenSSL and > > similar, it does not solve the general problem that you can spy > > very efficiently on the behaviour of another program. > > > > The fact that one user would be able to spy on another users editor > > application and be able to extract for instance the word lengths > > and layout of a document would also be considered a major security > > problem in many installations. > > > > Or how about just being able to monitor another customers apache > > instance to figure out how much traffic they get and which pages > > they get it on ? > > > > The fundamental trouble is that HTT makes the spying far more > > efficient than it is with SMP or even UP (I think we are talking > > in the order of a million times more efficient). > > > > That takes the attack from the "if you were really lucky" to the > > "almost always in first try" category. > > > > The correct (technical) workaround (IMO) is to restrict HTT to be > > used only for threads from the same process. > > > > The political problem is that if all operating systems do that, > > Intel has a pretty dud feature on their hands, and they are not > > particularly eager to accept that fact. > > > > Poul-Henning > > > > -- > > Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 > > phk@FreeBSD.ORG | TCP/IP since RFC 956 > > FreeBSD committer | BSD since 4.3-tahoe > > Never attribute to malice what can adequately be explained by incompete= nce. > > >=20 > -- > -------------------------------------------------------------------- > Drew B. > Independant Security analysis,for Aussies. > Security researcher/expert,threat-focus,Freelance. > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.or= g" >