This morning I received this message from the list gnu-win32@cygnus.com:
The sender was anonymous

>
> There is a SERIOUS bug in all pentium CPUs. The following
> code will crash any machine running on a pentium CPU, MMX or no
> MMX, any speed, regardless of OS (crash as in instant seize, hard
> reboot the only cure):
>
> char x [5] = { 0xf0, 0x0f, 0xc7, 0xc8 };
>
> main ()
> {
>        void (*f)() = x;
>        f();
> }
>
> This requires no special permissions to run, it works fine with
> average-joe-userspace permissions. I have verified this, it works.
> Demand a new CPU from Intel.
>

Curious, I compiled that under Linux OS. Linux froze. Dead.
Without *any* warning.

My machine is a Genuine Intel 166 MHz Pentium MMX.

Then I rebooted Windows NT. Compiled it with my compiler system (lcc-win32).
Windows NT froze. DEAD. Without *any* warning.

Then, I ported the code to my old faithful 486-DX33 with linux. Compiled it.
When it runs, it traps with ''illegal instruction''.

This means that anybody can crash anytime any OS that runs under a Pentium
CPU. As the poster said, no special permissions are needed, the pentium runs
under ring 3 permissions!!!!

This means that no secure system can ever be built that uses the pentium CPU.
No protected system. The OS receives NO TRAP!!!

This is absolutely incredible.

Bugs are impossible to avoid. Not even with huge corporations like Intel.
I will *not* start screaming at Intel now. Myself, I have done more bugs than
Intel ever will. As someone said before: Those that are free of sin, throw
the first stone...

For any user of pentium cpus in a multiuser system this means that anybody
that can execute a program can freeze the system dead.

I repeat: NO ROOT PERMISSIONS ARE NEEDED.

--
Jacob Navia	Logiciels/Informatique
41 rue Maurice Ravel			Tel (1) 48.23.51.44
93430 Villetaneuse 			Fax (1) 48.23.95.39
France
Joachim Ott
1997-Nov-10 02:58 UTC
Re: [linux-security] pentium bug makes security under linux impossible
In article <mng==m0xUFcS-000ALXC@jacob.remcomp.fr> you write:
>
>This morning I received this message from the list gnu-win32@cygnus.com:
>The sender was anonymous
>
>>
>> There is a SERIOUS bug in all pentium CPUs. The following
>> code will crash any machine running on a pentium CPU, MMX or no
>> MMX, any speed, regardless of OS (crash as in instant seize, hard
>> reboot the only cure):
>>
>> char x [5] = { 0xf0, 0x0f, 0xc7, 0xc8 };
>>
>> main ()
>> {
>>        void (*f)() = x;
>>        f();
>> }
>>
>> This requires no special permissions to run, it works fine with
>> average-joe-userspace permissions. I have verified this, it works.
>> Demand a new CPU from Intel.
>>
>
>Curious, I compiled that under Linux OS. Linux froze. Dead.
>Without *any* warning.
>
>My machine is a Genuine Intel 166 MHz Pentium MMX.

Does it freeze without the LOCK instruction (0xf0) too? (Intel meant
"lock bus" and not "lock machine" with that instruction)

If not, does the Pentium generate an exception (like an 80386), when it
executes a LOCK and CPL is greater than IOPL? It could be a workaround then to
let a user process execute at CPL 3 and IOPL 2.
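
The bytes quoted in the thread decode as a LOCK prefix (0xf0) followed by 0F C7 and a ModRM byte that selects a register, whereas CMPXCHG8B (0F C7 /1) accepts only a memory operand. As an added example (not part of either message), here is a small C scanner that flags that encoding in a byte buffer. The function names and the sample buffer are constructed for illustration, and a raw byte scan can match data and cannot see code generated at run time.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example. p must point at 4 readable bytes.
 * Returns 1 for: F0 (LOCK) 0F C7 ModRM with mod == 11b and reg == 001b,
 * i.e. a locked CMPXCHG8B whose operand is a register instead of memory.
 * That form is not a valid instruction and should raise an
 * invalid-opcode trap. */
static int is_locked_cmpxchg8b_reg(const uint8_t *p)
{
    if (p[0] != 0xF0 || p[1] != 0x0F || p[2] != 0xC7)
        return 0;
    uint8_t modrm = p[3];
    return (modrm >> 6) == 3 && ((modrm >> 3) & 7) == 1;
}

/* Scan buf; store up to max match offsets in out[], return total matches. */
size_t scan_f00f(const uint8_t *buf, size_t len, size_t *out, size_t max)
{
    size_t hits = 0;
    for (size_t i = 0; i + 4 <= len; i++) {
        if (is_locked_cmpxchg8b_reg(buf + i)) {
            if (hits < max)
                out[hits] = i;
            hits++;
        }
    }
    return hits;
}

/* Constructed sample: NOPs, the sequence from the thread, then the valid
 * memory-operand form lock cmpxchg8b [eax] (ModRM 0x08, mod == 00b). */
static const uint8_t sample[] = {
    0x90, 0x90, 0xF0, 0x0F, 0xC7, 0xC8, 0x90,
    0xF0, 0x0F, 0xC7, 0x08, 0xC3
};

int main(void)
{
    size_t offs[8];
    size_t n = scan_f00f(sample, sizeof sample, offs, 8);
    for (size_t k = 0; k < n && k < 8; k++)
        printf("invalid lock cmpxchg8b <reg> at offset %zu\n", offs[k]);
    return n > 0; /* non-zero exit status when something was flagged */
}
```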