From: Arnaud Lacombe
To: John Baldwin
Cc: freebsd-hackers@freebsd.org, Poul-Henning Kamp, Bill Crisp
Date: Fri, 13 Jul 2012 13:26:18 -0400
Subject: Re: CVE-2012-0217 Intel's sysret Kernel Privilege Escalation and FreeBSD 6.2/6.3
In-Reply-To: <201207131102.14379.jhb@freebsd.org>
References: <44644.1342190524@critter.freebsd.dk> <201207131102.14379.jhb@freebsd.org>
List-Id: Technical Discussions relating to FreeBSD

Hi,

On Fri, Jul 13, 2012 at 11:02 AM, John Baldwin wrote:
> On Friday, July 13, 2012 10:42:04 am Poul-Henning Kamp wrote:
>> In message <201207130831.59211.jhb@freebsd.org>, John Baldwin writes:
>>
>> >Every FreeBSD/amd64 kernel in existence is vulnerable. In truth, my personal
>> >opinion is that Intel screwed up their implementation of that instruction
>> >whereas AMD got it right, and we are merely working around Intel's CPU bug. :(
>>
>> Given that the instruction set of AMD64 is defined by AMD originally,
>> while Intel was trying very hard to ram Itanic down everybody's
>> throat, that diagnosis is a given: Intel copied AMD, and difference
>> in functionality is a screwup on Intel's part, even if they documented
>> their screwup in their manual.
>>
>> TL;DR: Which part of "compatible" doesn't Intel get?
>
> In this case, I believe they were just lazy and reused some existing block to
> manage this exception case without properly thinking through the security
> implications of using a user-supplied stack pointer to handle a fault.
>
Just as FreeBSD's developers were lazy when new-bus was designed?

Honestly, what's the point of this rock throwing and ad-hominem attacks? I could start throwing a few more CVE-2009-2936 or CVE-2009-4488; just to point out nobody's perfect...

 - Arnaud