From owner-freebsd-hackers Sun Nov 9 01:47:17 1997
Return-Path:
Received: (from root@localhost)
    by hub.freebsd.org (8.8.7/8.8.7) id BAA27291
    for hackers-outgoing; Sun, 9 Nov 1997 01:47:17 -0800 (PST)
    (envelope-from owner-freebsd-hackers)
Received: from unix.tfs.net (root@unix.tfs.net [199.79.146.60])
    by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id BAA27285
    for ; Sun, 9 Nov 1997 01:47:06 -0800 (PST)
    (envelope-from jbryant@argus.tfs.net)
Received: from argus.tfs.net (pm3-p2.tfs.net [206.154.183.194])
    by unix.tfs.net (8.8.5/8.8.5) with ESMTP id DAA16226;
    Sun, 9 Nov 1997 03:45:27 -0600
Received: (from jbryant@localhost)
    by argus.tfs.net (8.8.7/8.8.5) id DAA05798;
    Sun, 9 Nov 1997 03:46:38 -0600 (CST)
From: Jim Bryant
Message-Id: <199711090946.DAA05798@argus.tfs.net>
Subject: Re: Newest Pentium bug (fatal)
In-Reply-To: <199711090823.BAA18550@usr06.primenet.com> from Terry Lambert at "Nov 9, 97 08:23:22 am"
To: tlambert@primenet.com (Terry Lambert)
Date: Sun, 9 Nov 1997 03:46:31 -0600 (CST)
Cc: freebsd-hackers@freebsd.org, jamesbryant@sprintmail.com
Reply-to: jbryant@tfs.net
X-Windows: R00LZ!@# MS-Winbl0wz DR00LZ!@#
X-Operating-System: FreeBSD 2.2.2-RELEASE #0: Wed Jul 9 01:01:24 CDT 1997
X-Mailer: ELM [version 2.4ME+ PL31H (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

In reply:
> > For Windows users this bug should not be much of a problem unless viruses
> > start popping up taking advantage of the bug. For FreeBSD it is not very
> > comforting to know that any misbehaving user can lock up your shell
> > machine, but in a controlled environment this should not be a problem.
>
> A virus isn't the only way it could be done.

the list of ways this could be used is too long to enumerate...

> A Windows user's ISP could be denial of service attacked using the bug,
> so it could affect them.
>
> Active X, anyone?
>
> Microsoft made their JAVA capable of calling x86 code (makes it possible
> to write java wrappers for ActiveX code that isn't security checked for
> a VeriSign key, right?). Apparently Sun was right about it being a
> mistake for Microsoft to do this. 8-) 8-).

bill gets bit on the butt again... every security expert in the
industry tells bill he's stupid, but does he listen... we are talking
about a man who wants to bypass the standards process rather than be a
part of it...

> Word Macros? Excel Macros? Help files? Email attachments? Screen
> savers? Desktop Themes?
>
>
> The default for the system directory on Windows NT is world writeable;
> it seems to me many NT file servers are at risk (not that they weren't
> at risk without tuning anyway). I'd say "all", but of course NT runs
> on non-Intel machines... ;-).
  ^^^^^^^^^^^^^^^^^^^^^

heheh, barely, AXP, MIPS, cases in point.... scary stuff, eh...

RECALL RECALL RECALL [as in TOTAL RECALL]

i don't know why i didn't mention this in my earlier post with the
disassembly info:

could it be possible that intel is lying about finding out about this
on friday...

a pentium specific instruction, compatible with the LOCK prefix, but not
tested...

a pentium specific instruction to compare and exchange a set of
quadword values IN 10 CLOCKS, but not tested...

of all of the instructions specific to pentium and above classes of
processors, this is one i would consider highly desirable to use, and
thus should be one of the most extensively tested. once 486 backward
compatibility is tossed out the door, this will be an extensively used
instruction.

for a full description of the instruction, please see pp. 25-72 and
25-73 of intel's "Pentium Processor Family Developer's Manual, Volume
3: Architecture and Programming Manual".

this reeks. can you say coverup?

do i recall reading on this list that ppro or p-ii cpus generate an
exception on this? this would indicate quite probably that they found
out about this LONG before friday.

if my hunch is correct, i hope this bites them on the butt. i don't
know about you, but i bought a cpu that would "RUN TOMORROW'S SOFTWARE
TODAY". i don't buy intel's ass-covering story that they just learned
about this...

RECALL RECALL RECALL RECALL RECALL RECALL RECALL RECALL RECALL RECALL RECALL
RECALL RECALL RECALL RECALL RECALL RECALL RECALL RECALL RECALL RECALL RECALL
RECALL RECALL RECALL RECALL RECALL RECALL RECALL RECALL RECALL RECALL RECALL
RECALL RECALL RECALL RECALL RECALL RECALL RECALL RECALL RECALL RECALL RECALL
RECALL RECALL RECALL RECALL RECALL RECALL RECALL RECALL RECALL RECALL RECALL
RECALL RECALL RECALL RECALL RECALL RECALL RECALL RECALL RECALL RECALL RECALL
RECALL RECALL RECALL RECALL RECALL RECALL RECALL RECALL RECALL RECALL RECALL
RECALL RECALL RECALL RECALL RECALL RECALL RECALL RECALL RECALL RECALL RECALL
RECALL RECALL RECALL RECALL RECALL RECALL RECALL RECALL RECALL RECALL RECALL

jim
--
All opinions expressed are mine, if you    |  "I will not be pushed, stamped,
think otherwise, then go jump into turbid  |  briefed, debriefed, indexed, or
radioactive waters and yell WAHOO !!!      |  numbered!" - #1, "The Prisoner"
------------------------------------------------------------------------------
Inet: jbryant@tfs.net    AX.25: kc5vdj@wv0t.#neks.ks.usa.noam     grid: EM28pw
voice: KC5VDJ - 6 & 2 Meters AM/FM/SSB, 70cm FM.   http://www.tfs.net/~jbryant
------------------------------------------------------------------------------
HF/6M/2M: IC-706-MkII, 2M: HTX-212, 2M: HTX-202, 70cm: HTX-404, Packet: KPC-3+