From owner-freebsd-hackers  Sun Nov  9 15:56:12 1997
Return-Path: <owner-freebsd-hackers>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id PAA15897
          for hackers-outgoing; Sun, 9 Nov 1997 15:56:12 -0800 (PST)
          (envelope-from owner-freebsd-hackers)
Received: from srv.net (snake.srv.net [199.104.81.3])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id PAA15888
          for <hackers@FreeBSD.ORG>; Sun, 9 Nov 1997 15:56:08 -0800 (PST)
          (envelope-from cmott@srv.net)
Received: from darkstar.home (tc-if2-33.ida.net [208.141.171.90])
	by srv.net (8.8.7/8.8.5) with SMTP id QAA16103;
	Sun, 9 Nov 1997 16:33:00 -0700 (MST)
Date: Sun, 9 Nov 1997 16:32:27 -0700 (MST)
From: Charles Mott <cmott@srv.net>
X-Sender: cmott@darkstar.home
To: Chuck Robey <chuckr@glue.umd.edu>
cc: "Jamil J. Weatherbee" <jamil@trojanhorse.ml.org>,
        mika ruohotie <bsdhack@shadows.aeon.net>, perlsta@cs.sunyit.edu,
        freebsd@atipa.com, hackers@FreeBSD.ORG
Subject: Re: IDT processors?
In-Reply-To: <Pine.BSF.3.96.971109164923.27308B-100000@picnic.mat.net>
Message-ID: <Pine.BSF.3.96.971109160819.24666B-100000@darkstar.home>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

On Sun, 9 Nov 1997, Chuck Robey wrote:
> Much of the performance improvement that's gone into _all_ modern CPUs is
> dealing with pipelining, branch prediction, superscaling, all of which are
> great places for subtle bugs.  The inter-instruction dependencies can
> drive you to drink.  Seeing as we never noticed the bug at all, until a
> few days ago, I can't see it's too much of a killer.  I don't like it
> much, but painting Intel as a big villain because of that is nonsensical.
> Clearly, if it was that much of a major thing, you'd have noticed it
> before now.  There are better reasons to dump on Intel, that make much
> more sense than this one.

I think that crackers with shell accounts probably have been able to crash
machines without benefit of the Pentium bug for some time now, although
this latest exploit is simple and has the danger of becoming a fad.

I think this could be bad for Intel, although I agree with you that it is
wrong to paint them as the villain here.  One can hope that rational
thought will prevail.

Generally speaking, if one allows users to execute arbitrary object code,
there is always a crash risk.  I think crackers are much more interested
in exploits that either directly or indirectly lead to root access (packet
eavesdropping, tcp hijacking, symlink attacks, stack overflow, race
conditions, etc.) than simple denial-of-service attacks.

Charles Mott