linux security - Nov 1997 - pentium bug makes security under linux impossible

This morning I received this message from the list gnu-win32@cygnus.com:
The sender was anonymous
>
> There is a SERIOUS bug in all pentium CPUs. The following
> code will crash any machine running on a pentium CPU, MMX or no
> MMX, any speed, regardless of OS (crash as in instant seize, hard
> reboot the only cure):
>
> char x [5] = { 0xf0, 0x0f, 0xc7, 0xc8 };
>
> main ()
> {
>        void (*f)() = x;
>        f();
> }
>
> This require no special permissions to run, it works fine with
> average-joe-userspace permissions. I have verified this, it works.
> Demand a new CPU from Intel.
>
Curious, I compiled that under Linux OS. Linux freezed. Dead.
Without *any* warning.

My machine is a Genuine Intel 166 MHZ Pentium MMX.

Then I rebooted Windows NT. Compiled it with my compiler system (lcc-win32).
Windows NT freezed. DEAD. Without *any* warning.

Then, I ported the code to my old faithful 486-DX33 with linux. Compiled it.
When it run it traps with ''illegal instruction''

This means that anybody can crash anytime any OS that runs under a Pentium CPU.
As the poster said, no special permissions are needed, the pentium runs under
ring 3 permissions!!!!

This means that no secure system can ever be built that uses the pentium CPU. No
protected system. The OS receives NO TRAP!!!

This is absolutely incredible.

Bugs are impossible to avoid. Not even with huge corporations like Intel.
I will *not* start screaming at Intel now. Myself, I have done more bugs
than Intel ever will. As somene said before:

Those that are free of sin, throw the first stone...

For any user of pentium cpus in a multiuser system this means that
anybody that can execute a program can freeze the system dead. I repeat:
NO ROOT PERMISSIONS ARE NEEDED.
--
Jacob Navia	Logiciels/Informatique
41 rue Maurice Ravel			Tel (1) 48.23.51.44
93430 Villetaneuse 			Fax (1) 48.23.95.39
France

In article <mng==m0xUFcS-000ALXC@jacob.remcomp.fr> you
write:
>
>This morning I received this message from the list gnu-win32@cygnus.com:
>The sender was anonymous
>
>>
>> There is a SERIOUS bug in all pentium CPUs. The following
>> code will crash any machine running on a pentium CPU, MMX or no
>> MMX, any speed, regardless of OS (crash as in instant seize, hard
>> reboot the only cure):
>>
>> char x [5] = { 0xf0, 0x0f, 0xc7, 0xc8 };
>>
>> main ()
>> {
>>        void (*f)() = x;
>>        f();
>> }
>>
>> This require no special permissions to run, it works fine with
>> average-joe-userspace permissions. I have verified this, it works.
>> Demand a new CPU from Intel.
>>
>
>Curious, I compiled that under Linux OS. Linux freezed. Dead.
>Without *any* warning.
>
>My machine is a Genuine Intel 166 MHZ Pentium MMX.
Does it freeze without the LOCK instruction (0xf0) too? (Intel meant
"lock bus" and not "lock machine" with that instruction)

If not, does the Pentium generate an exception (like an 80386), when
it executes a LOCK and CPL is greater IOPL? It could be a workaround
then to let a user process execute at CPL 3 and IOPL 2.