2007-06-27 17:08:16 Theo de Raadt wrote: > Various developers are busy implimenting workarounds for serious bugs > in Intel's Core 2 cpu. > > These processors are buggy as hell, and some of these bugs don't just > cause development/debugging problems, but will *ASSUREDLY* be > exploitable from userland code. > > As is typical, BIOS vendors will be very late providing workarounds / > fixes for these processors bugs. Some bugs are unfixable and cannot > be worked around. Intel only provides detailed fixes to BIOS vendors > and large operating system groups. Open Source operating systems are > largely left in the cold. > > Full (current) errata from Intel: > > http://download.intel.com/design/processor/specupdt/31327914.pdf > > - We bet there are many more errata not yet announced -- every month > this file gets larger. > - Intel understates the impact of these erraata very significantly. > Almost all operating systems will run into these bugs. > - Basically the MMU simply does not operate as specified/implimented > in previous generations of x86 hardware. It is not just buggy, > but Intel has gone further and defined "new ways to handle page > tables" (see page 58). > - Some of these bugs are along the lines of "buffer overflow"; where > a write-protect or non-execute bit for a page table entry is > ignored. Others are floating point instruction non-coherencies, or > memory corruptions -- outside of the range of permitted writing for > the process -- running common instruction sequences. > - All of this is just unbelievable to many of us. > > An easier summary document for some people to read: > > > http://www.geek.com/images/geeknews/2006Jan/core_duo_errata__2006_01_2 >1__full.gif > > Note that some errata like AI65, AI79, AI43, AI39, AI90, AI99 scare > the hell out of us. Some of these are things that cannot be fixed in > running code, and some are things that every operating system will do > until about mid-2008, because that is how the MMU has always been > managed on all generations of Intel/AMD/whoeverelse hardware. Now > Intel is telling people to manage the MMU's TLB flushes in a new and > different way. Yet even if we do so, some of the errata listed are > unaffected by doing so. > > As I said before, hiding in this list are 20-30 bugs that cannot be > worked around by operating systems, and will be potentially > exploitable. I would bet a lot of money that at least 2-3 of them > are. > > For instance, AI90 is exploitable on some operating systems (but not > OpenBSD running default binaries). > > At this time, I cannot recommend purchase of any machines based on the > Intel Core 2 until these issues are dealt with (which I suspect will > take more than a year). Intel must be come more transparent. > > (While here, I would like to say that AMD is becoming less helpful day > by day towards open source operating systems too, perhaps because > their serious errata lists are growing rapidly too).
http://conference.hackinthebox.org/hitbsecconf2008kl/?page_id=214 -- Best wishes, Vadim Zhukov