From owner-freebsd-hackers Thu Nov 13 21:04:37 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id VAA24523 for hackers-outgoing; Thu, 13 Nov 1997 21:04:37 -0800 (PST) (envelope-from owner-freebsd-hackers) Received: from kithrup.com (kithrup.com [205.179.156.40]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id VAA24516 for ; Thu, 13 Nov 1997 21:04:33 -0800 (PST) (envelope-from sef@kithrup.com) Received: (from sef@localhost) by kithrup.com (8.8.7/8.8.7) id VAA06875; Thu, 13 Nov 1997 21:04:20 -0800 (PST) (envelope-from sef) Date: Thu, 13 Nov 1997 21:04:20 -0800 (PST) From: Sean Eric Fagan Message-Id: <199711140504.VAA06875@kithrup.com> To: hackers@freebsd.org Reply-To: hackers@freebsd.org Subject: Re: Pentium Bug to be ignored -- say it ain't so In-Reply-To: <346BCB5F.E8C4F50F.kithrup.freebsd.hackers@kew.com> References: <199711132030.MAA16638@kithrup.com> Organization: Kithrup Enterprises, Ltd. Sender: owner-freebsd-hackers@freebsd.org X-Loop: FreeBSD.org Precedence: bulk In article <346BCB5F.E8C4F50F.kithrup.freebsd.hackers@kew.com> you write: >I was under the impression that the FreeBSD core team took support of web >servers and the like very seriously. For anyone to take the opinion that >such an obvious Denial of Service attack is not something to worry about is >at best unfortunate, and seriously conflicts with my believe about the >seriousness of the support of FreeBSD. This is what Jordan posted to the net. In email, he explained that, should a FreeBSD version of the linux workaround be checked in, it would immediately be removed. As I have said: I know someone who was affected by this. Fortunately, he wasn't running FreeBSD, and his OS vendor did supply a patch. Of course, that vendor is not a free-software vendor, and so was able to sign Intel's presumed NDA, which the free software folks could not. Note his declaration that this is "hardly a critical emergency". And that he assumes BSDi has thrown out their solution -- which I haven't heard them say at all. (I don't know why BSDi withdrew their patch; I can think of several reasons, actually. And SCO has not, to the best of my knowledge, withdrew *their* patch.) From: "Jordan K. Hubbard" Newsgroups: comp.unix.bsd.freebsd.misc Subject: Re: Pentium bug: FreeBSD workaround ? Date: Thu, 13 Nov 1997 08:13:31 -0800 Message-ID: <346B272B.167EB0E7@FreeBSD.org> [posted and mailed] Timo J Rinne wrote: > You understood wrong. The patch makes idt entries 0-6 to point to > unmapped space. Then pagefault handler resolves, whether it's really > a pagefault or should it forward call to the corresponding exception > handler. > > The patch should go into machdep.c and locore.s or trap.c in > /sys/i386/i386 and it of course should be optional. > > Is someone working on this or should I do it? Well, several things to note here: 1. BSDI would appear to have *withdrawn* the patch which they released to great fanfare yesterday. This is disturbing and merits closer attention before we make any moves ourselves. 2. Our principal architect has reviewed the Linux patch that someone forwarded to us and he considers it, to use his own words, "a totally disgusting hack." Let's make sure that in our haste to deal with this latest political football, we don't come up with a cure that's worse than the disease. I also hasten to note that I've yet to hear *any* reports of serious DoS attacks stemming from this bug, this being in all likelyhood another FDIV-type situation where people who wouldn't be affected in a million years by the bug are nonetheless steaming about it as if Intel had shot their dog and raped their mothers. I think folks need to put this in perspective and stop this silly scare-mongering over it - this is hardly a critical emergency and I suspect that many of the folks who are racing to implement a solution simply so that they can claim the dubious distinction of "solving it first" are only going to end up going back over their fixes later, perhaps to do as BSDI has done in throwing out the first attempt. Let's at least wait for Intel to release full details of their proposed work-around in a day or two as they've promised, eh? Again, if I were hearing anguished cries from the ISPs about this then it would be a different matter, but I haven't heard so much as a squeak from them and this would all appear to be simply another chicken little episode, with various people running around flapping and squawking simply because it makes them feel important to be given the opportunity to run around and flap about something. :-) -- - Jordan Hubbard FreeBSD core team / Walnut Creek CDROM.