freebsd security - Jan 2018 - Intel hardware bug

On 01/03/2018 14:48, Ronald F. Guilmette wrote:
> 
> In message <477ab39d-286d-d9a2-d31e-fd5f7f1679a8 at sentex.net>, 
> Mike Tancsa <mike at sentex.net> wrote:
> 
>> I am guessing this will impact FreeBSD as well ?
>>
>> http://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/
> 
> Swell.  Just swell.
> 
> Why couldn't this have been announced the week -before- I bought an
Intel
> processor and motherboard to replace my aging AMD rig, rather than the week
> -after- I did so?
> 
> Geeeesssh!
Wait until Tuesday before you explode.  Intel are now saying that it's
not a "bug" in Intel CPUs.

https://newsroom.intel.com/news/intel-responds-to-security-research-findings/

Eric

> On Jan 3, 2018, at 11:59 AM, Eric van Gyzen <vangyzen at FreeBSD.org>
wrote:
> 
> On 01/03/2018 14:48, Ronald F. Guilmette wrote:
>> 
>> In message <477ab39d-286d-d9a2-d31e-fd5f7f1679a8 at sentex.net>,
>> Mike Tancsa <mike at sentex.net> wrote:
>> 
>>> I am guessing this will impact FreeBSD as well ?
>>> 
>>> http://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/
>> 
>> Swell.  Just swell.
>> 
>> Why couldn't this have been announced the week -before- I bought an
Intel
>> processor and motherboard to replace my aging AMD rig, rather than the
week
>> -after- I did so?
>> 
>> Geeeesssh!
> 
> Wait until Tuesday before you explode.  Intel are now saying that it's
> not a "bug" in Intel CPUs.
> 
>
https://newsroom.intel.com/news/intel-responds-to-security-research-findings/
> 
> Eric
It looks more like they are playing fast and loose with words.  From the article
you linked:

	Intel believes these exploits do not have the potential to corrupt, modify or
delete data.

and

	Recent reports that these exploits are caused by a ?bug? or a ?flaw? and are
unique to Intel products are incorrect.

They did not say it is *NOT* a bug, just that it is not a bug unique to Intel.
I?ve not seen speculation regarding the ?bug? being able to corrupt, modify, or
delete data, I?ve only seen speculation that the bug allows unprivileged
processes to see privileged memory/cache.

Additionally, they indirectly imply that both AMD and ARM chips are affected by
the same bug, however this is, at least in AMD?s case, appears to be directly
refuted by a patch submitted to the Linux kernel by AMD:

	https://lkml.org/lkml/2017/12/27/2 <https://lkml.org/lkml/2017/12/27/2>

	AMD processors are not subject to the types of attacks that the kernel
	page table isolation feature protects against.  The AMD microarchitecture
	does not allow memory references, including speculative references, that
	access higher privileged data when running in a lesser privileged mode
	when that access would result in a page fault.

	Disable page table isolation by default on AMD processors by not setting
	the X86_BUG_CPU_INSECURE feature, which controls whether X86_FEATURE_PTI
	is set.

Since other statements are misleading, it could be that the ?workloads? being
described  could be a hibernated laptop; a halted firewall (where the
firewall/routing rules are still running in the kernel); a lightweight user who
only uses e-mail and facebook; etc:

	Contrary to some reports, any performance impacts are workload-dependent,
	and, for the average computer user, should not be significant and will be
mitigated
	over time.

Finally their belief of being the most secure products in the world and actual
reality may differ:

	Intel believes its products are the most secure in the world and that, with the
support of
	its partners, the current solutions to this issue provide the best possible
security for its
	customers.

I generally read a company?s press releases in response to negative publicity
with the assumption that they are not lying, but are obfuscating the truth or
dancing around an issue in order to cast themselves in the best possible light. 
The proof that this tactic works is that Eric interpreted the release to say
that there is not a bug in Intel?s hardware instead of Intel is one of many
vendors whose product has this bug (though this remains to be seen).

?David M. Syzdek

In message <02563ce4-437c-ab96-54bb-a8b591900ba0 at FreeBSD.org>, 
Eric van Gyzen <vangyzen at FreeBSD.org> wrote:
>Wait until Tuesday before you explode.  Intel are now saying that it's
>not a "bug" in Intel CPUs.
Right.  "That's not a bug!  That's a feature!"

I say again:  Sheeeeeeeessssshhh!

Just within the last three months, we first had:

     "All your WPA2 WiFi are belong to us!"

and now, to add insult to injury, we get:

     "All your Intel *and* ARM CPUs are belong to us!"

Obviously, the enemy is what it has always been... complexity.  All this stuff
is just so hellishly complex nowadays that no single human can grasp and hold
even a significant fraction of these things in their minds at any one time.
The result is as inevitable as it is predictable.  Our machines are making us
substantially *less* secure.

But I guess that I personally don't have nearly as much reason to bitch and
moan as, for example, any origanization that managed or is managing some vast
fleet of WiFi hardware (HomeDepot?), or any of the cloud computing vendors who
have just seen perhaps 30% of their installed compute power go up in smoke,
virtually overnight.  If anybody has ample reason to be royally pissed off
about all of this nonsense, then it is surely those folks, more than me.


Regards,
rfg


P.S.  Right about now, I'd like to have a job working for whichever big ad
agency has the AMD account.  The ad copy for AMD's next marketing campaign 
practically writes itself... "Performance without penality!"

On Wednesday, January 03, 2018 02:59:35 PM Eric van Gyzen wrote:
> 
> Wait until Tuesday before you explode.  Intel are now saying that it's
> not a "bug" in Intel CPUs.
> 
>
https://newsroom.intel.com/news/intel-responds-to-security-research-findings
> /
Bogus tripe. They're spreading FUD.

-- 
Joey Kelly
Minister of the Gospel and Linux Consultant
http://joeykelly.net
504-239-6550