[1659] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] pentium bug makes security under linux impossible

daemon@ATHENA.MIT.EDU (Jacob Navia)
Sun Nov 9 18:54:34 1997

From: jacob@jacob.remcomp.fr (Jacob Navia)
To: linux-security@redhat.com
Date: Sat, 8 Nov 1997 19:28:28 +0100 (MET)
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com


This morning I received this message from the list gnu-win32@cygnus.com:
The sender was anonymous

> 
> There is a SERIOUS bug in all pentium CPUs. The following 
> code will crash any machine running on a pentium CPU, MMX or no 
> MMX, any speed, regardless of OS (crash as in instant seize, hard 
> reboot the only cure):
> 
> char x [5] = { 0xf0, 0x0f, 0xc7, 0xc8 };
> 
> main ()
> {
>        void (*f)() = x;
>        f();
> }
> 
> This require no special permissions to run, it works fine with
> average-joe-userspace permissions. I have verified this, it works.
> Demand a new CPU from Intel.
> 

Curious, I compiled that under Linux OS. Linux freezed. Dead. 
Without *any* warning.

My machine is a Genuine Intel 166 MHZ Pentium MMX.

Then I rebooted Windows NT. Compiled it with my compiler system (lcc-win32).
Windows NT freezed. DEAD. Without *any* warning.

Then, I ported the code to my old faithful 486-DX33 with linux. Compiled it.
When it run it traps with 'illegal instruction'

This means that anybody can crash anytime any OS that runs under a Pentium CPU.
As the poster said, no special permissions are needed, the pentium runs under
ring 3 permissions!!!!

This means that no secure system can ever be built that uses the pentium CPU. No
protected system. The OS receives NO TRAP!!!

This is absolutely incredible. 

Bugs are impossible to avoid. Not even with huge corporations like Intel.
I will *not* start screaming at Intel now. Myself, I have done more bugs
than Intel ever will. As somene said before:

Those that are free of sin, throw the first stone...

For any user of pentium cpus in a multiuser system this means that
anybody that can execute a program can freeze the system dead. I repeat:
NO ROOT PERMISSIONS ARE NEEDED.
-- 
Jacob Navia	Logiciels/Informatique
41 rue Maurice Ravel			Tel (1) 48.23.51.44
93430 Villetaneuse 			Fax (1) 48.23.95.39
France

-- 
----------------------------------------------------------------------
Please refere to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------

To unsubscribe: mail -s unsubscribe test-list-request@redhat.com < /dev/null


home help back first fref pref prev next nref lref last post