[13630] in North American Network Operators' Group


Re: Potentially dangerous Pentium bug disc

daemon@ATHENA.MIT.EDU (Robert E. Seastrom)
Wed Nov 12 14:28:48 1997

Date: Wed, 12 Nov 1997 14:20:03 -0500 (EST)
From: "Robert E. Seastrom" <rs@bifrost.seastrom.com>
To: randy@psg.com
CC: nanog@merit.edu, rs@bifrost.seastrom.com
In-reply-to: <m0xVhJz-0007zYC@rip.psg.com> (message from Randy Bush on Wed, 12
	Nov 97 10:15 PST)


   Date: Wed, 12 Nov 97 10:15 PST
   From: Randy Bush <randy@psg.com>

   gated does not have that illegal instruction sequence in it.  compilers
   don't generate it.  httpd does not have the sequence.

Even on closed systems, the exposed daemons (sendmail/smap, httpd,
gated, inetd) cannot be safely said to not have buffer overflow
holes, as new ones are found periodically.  What this means is that
anyone can overflow a buffer into stack space and pop code in in
place of a return....  whereas the threat profile this used to present
was that someone could go through all sorts of gyrations, upload a
tiny exploit to hack root, etc., the threat profile it now presents is
quite a bit more serious -- they now have the functional equivalent of
a user-mode "halt" instruction.  While you used to be fairly safe if
you ran smap (for instance; I don't know of any specific holes in
smap) in a chrooted jail, now that defense doesn't stop some punk from
kicking your butt offline.

While I'd rather see this thread continued in more appropriate fora, I
observe that Intel hardware has found its way into my infrastructure
(and I'd suspect the infrastructure of even some large ISPs) because
its excellent price-performance figures allow us to swallow our pride
(and distaste at certain aspects of the architecture) and deploy them
in a production environment.  Because of the potential operational
impact of this misfeature, I must concede that nanog is not a wholly
inappropriate forum for this discussion and I must politely disagree
with my esteemed colleague from Washington State.  ;-)

                                        ---Rob
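Rob's argument rests on the classic stack buffer overflow in a network daemon: a fixed-size buffer on the stack filled from untrusted input with no length check, so that a long request overwrites the saved return address. The following is an added example, not code from the thread or from any of the daemons named above, showing that pattern in C beside the bounded version that closes it. The function names (handle_request_unsafe, handle_request_safe, oversized_request_rejected) and the buffer size REQ_BUF are invented for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed example (not from the original thread): the class of bug
 * Rob refers to, a fixed-size stack buffer filled from untrusted input
 * with no length check, beside a bounded version that rejects oversized
 * input before it can reach the saved frame. */

#define REQ_BUF 64   /* hypothetical request buffer size */

/* Vulnerable pattern: strcpy() copies until the NUL terminator, so a
 * request longer than REQ_BUF - 1 bytes writes past buf into the saved
 * frame (including the return address).  Shown for contrast only; this
 * function is never called on untrusted data in this example. */
void handle_request_unsafe(const char *req)
{
    char buf[REQ_BUF];
    strcpy(buf, req);          /* no bound: overflows on long input */
    printf("handling: %s\n", buf);
}

/* Hardened pattern: measure first (with a bound, so an unterminated
 * input cannot be read indefinitely), refuse anything that does not fit
 * together with its terminating NUL, and copy with an explicit length.
 * Returns 0 when the request was handled, -1 when it was rejected. */
int handle_request_safe(const char *req)
{
    char buf[REQ_BUF];
    size_t len = strnlen(req, REQ_BUF);
    if (len >= REQ_BUF)        /* no room for the terminating NUL */
        return -1;
    memcpy(buf, req, len + 1); /* bounded copy including the NUL */
    printf("handling: %s\n", buf);
    return 0;
}

/* Builds a constructed request that is deliberately larger than REQ_BUF
 * and reports what the hardened handler does with it (expected: -1). */
int oversized_request_rejected(void)
{
    char too_long[REQ_BUF + 16];
    memset(too_long, 'A', sizeof too_long - 1);
    too_long[sizeof too_long - 1] = '\0';
    return handle_request_safe(too_long);
}

int main(void)
{
    printf("short request -> %d\n", handle_request_safe("GET / HTTP/1.0"));
    printf("long request  -> %d\n", oversized_request_rejected());
    return 0;
}
```

The defensive point is that the bounded handler makes the length of the input irrelevant to what ends up on the stack; a daemon written this way gives an attacker no way to place bytes of their choosing in the return slot, whatever those bytes would do on a particular CPU.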