Fraizeraust wrote: This hardware bug will also affect ReactOS, no doubt. The main question is, do we have an active kernel developer who can tackle this critical flaw for the better?
Alex Ionescu is quoted on The Register so I assume it is in the pipeline already?
Intel processor design flaw requiring ROS kernel mode change
Re: Intel processor design flaw requiring ROS kernel mode ch
Skillset: VMS,DOS,Windows Sysadmin from 1985, fault-tolerance, VaxCluster, Alpha,Sparc. DCL,QB,VBDOS- VB6,.NET, PHP,NODE.JS, Graphic Design, Project Manager, CMS, Quad Electronics. classic cars & m'bikes. Artist in water & oils. Historian.
Re: Intel processor design flaw requiring ROS kernel mode ch
https://googleprojectzero.blogspot.co.u ... -side.html
Intel(R) Xeon(R) CPU E5-1650 v3 @ 3.50GHz (called "Intel Haswell Xeon CPU" ...)
AMD FX(tm)-8320 Eight-Core Processor (called "AMD FX CPU" ...)
AMD PRO A8-9600 R7, 10 COMPUTE CORES 4C+6G (called "AMD PRO CPU" ...)
An ARM Cortex A57 core of a Google Nexus 5x phone [6] (called "ARM Cortex A57" ...)
These are the CPUs tested by the Google team that announced the vulnerability, but the exploit is not limited to these CPUs.
Re: Intel processor design flaw requiring ROS kernel mode ch
dizt3mp3r wrote: FYI Latest news would imply that even dual core CPUs prior to 2007 would also be affected by the same weakness/potential exploit. This particular functionality has been used in Intel CPUs since 1995.
Thanks. That's not exactly the answer but if that is the thing then the answer matters less.
What is the meaning of FYI, PS, PPS, re?
Last edited by Adcock on Thu Jan 04, 2018 5:45 pm, edited 2 times in total.
Re: Intel processor design flaw requiring ROS kernel mode ch
FYI - for your information
P.S. Post Script (Latin) - an extra sentence not necessarily in context with the rest of the note, added to the end, abbreviated often to PS.
P.P.S Post-post script, abbreviated often to PPS.
Apologies for their usage, I automatically assume understanding as these are part of normal English usage but I do appreciate some of these things are arcane and not so easy to guess.
Re: Intel processor design flaw requiring ROS kernel mode ch
FYI - Browser developers such as Firefox are reducing the accuracy of timing functions, as precise timing is required to exploit the Intel CPU side exploit flaw. A reduction in timer accuracy means that drive-by web-based exploits would be harder to carry out using JavaScript on the web. Other browser developers are considering a similar change as a temporary measure to help prevent any exploit in the wild.
This of course is only a temporary fix and does not mitigate all the other attack directions be it browser-based, app, driver or program.
Last edited by dizt3mp3r on Thu Jan 04, 2018 9:52 pm, edited 1 time in total.
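Added example, not part of the original post and not taken from any browser: a small JavaScript model of the timer-coarsening mitigation described above, showing how a coarser clock hides the gap between a short and a long operation. The function names, the two durations and both clock resolutions are constructed for illustration.

```javascript
// Added example: a model of timer coarsening, not real browser or exploit code.
// All durations and resolutions below are constructed values in microseconds.
const FAST_US = 0.05; // stand-in for the shorter of two operations
const SLOW_US = 0.30; // stand-in for the longer of two operations

// A clock that only reports whole multiples of resolutionUs, the way a
// browser can round down the value returned by a high-resolution timer.
function coarsen(trueTimeUs, resolutionUs) {
  return Math.floor(trueTimeUs / resolutionUs) * resolutionUs;
}

// Duration an observer sees when both timestamps pass through that clock.
function measure(startUs, durationUs, resolutionUs) {
  return coarsen(startUs + durationUs, resolutionUs) - coarsen(startUs, resolutionUs);
}

// Fraction of single measurements that land on the right side of the
// midpoint threshold, swept over many start phases relative to the tick.
function classificationAccuracy(resolutionUs, samples = 10000) {
  const threshold = (FAST_US + SLOW_US) / 2;
  let correct = 0;
  for (let i = 0; i < samples; i++) {
    const start = i * 0.0137; // constructed phase sweep, 0 to ~137 us
    if (measure(start, FAST_US, resolutionUs) <= threshold) correct++;
    if (measure(start, SLOW_US, resolutionUs) > threshold) correct++;
  }
  return correct / (2 * samples);
}

// Compare a fine-grained clock with a deliberately coarse one.
function compareClocks() {
  return {
    fine: classificationAccuracy(0.005), // 5 ns grain
    coarse: classificationAccuracy(20),  // 20 us grain
  };
}

console.log(compareClocks());
```

With the fine clock every single measurement separates the two durations; with the coarse clock a single measurement is barely better than a coin flip.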
Re: Intel processor design flaw requiring ROS kernel mode ch
Fraizeraust wrote: This hardware bug will also affect ReactOS, no doubt. The main question is, do we have an active kernel developer who can tackle this critical flaw for the better?
Another reason why we should not currently be recommending 'using' ReactOS to anyone on real hardware until such a change is implemented - just a thought.
Whilst on the subject of installing ReactOS, I wonder what the implications are of running an insecure o/s that has an unpatched kernel as a virtual o/s on a host that has a vulnerable Intel cpu. I've heard that when this bug was discovered on Linux hypervisors the virtual o/s was able to access the host's kernel memory... That is frightening and it implies that ReactOS or any unpatched o/s is a potential trojan horse for an exploit. I don't mind being wrong on this, it is just a point of discussion that I feel needs to be opened...
Re: Intel processor design flaw requiring ROS kernel mode ch
"That is frightening and it implies that ReactOS or any unpatched o/s is a potential trojan horse for an exploit. I don't mind being wrong on this, it is just a point of discussion that I feel needs to be opened..."
it's the same as with the OS vs. user process situation. because 1) the problem is in the wrong handling of speculatively executed instructions by CPU. it doesn't pay attention to the access violation in the way it should, letting an attacker get the idea of what data has been read from places he/she shouldn't be able to do. it equally applies to the Hypervisor/OS interface as to the OS/user process interface. and 2) virtualization never ever gave any additional security, it's a stupid pseudotechnology extensively abused for absolutely inappropriate goals. thanks to it, now patched and slowed down Windows/linux (or VaporWare, Hyper-V, whatever-hyper-overhyped(TM)) host will be running patched and slowed down linux/windows... of course the performance penalty will be *negligible*.
Re: Intel processor design flaw requiring ROS kernel mode ch
It is frightening as many will not appreciate the potential for Trojan Horse Exploits.
Most would assume that running as a virtual o/s in a VM is a suitable sandbox that protects the host o/s from any exploit.
Intel have really screwed up.
PS. Look Val - we can talk!
Re: Intel processor design flaw requiring ROS kernel mode ch
Here is the statement from AMD: http://www.amd.com/en/corporate/speculative-execution
- Variant One (Bounds Check Bypass): Resolved by software / OS updates to be made available by system vendors and manufacturers. Negligible performance impact expected.
- Variant Two (Branch Target Injection): Differences in AMD architecture mean there is a near zero risk of exploitation of this variant. Vulnerability to Variant 2 has not been demonstrated on AMD processors to date.
- Variant Three (Rogue Data Cache Load): Zero AMD vulnerability due to AMD architecture differences.
Re: Intel processor design flaw requiring ROS kernel mode ch
CERT Vulnerability Notes Database wrote: Vulnerability Note VU#584653
CPU hardware vulnerable to side-channel attacks
Original Release date: 03 Jan 2018 | Last revised: 04 Jan 2018
Overview
CPU hardware implementations are vulnerable to side-channel attacks. These vulnerabilities are referred to as Meltdown and Spectre.
Before the revision, the recommended solution was to replace the CPU with an unaffected CPU. That probably sowed fear and panic throughout the IT and device industries.
Re: Intel processor design flaw requiring ROS kernel mode ch
ARM's response
https://developer.arm.com/support/security-update
Bu@@er - my old iphone 4 has the exploit...
Re: Intel processor design flaw requiring ROS kernel mode ch
This is the best summary I have found so far: https://www.theregister.co.uk/2018/01/0 ... erability/
Re: Intel processor design flaw requiring ROS kernel mode ch
Another link for you all http://blog.erratasec.com/2018/01/some- ... k3j1vkS_cs
Please keep the Windows classic 9x/2000 look and feel.
The layman's guides - debugging - bug reporting - compiling - ISO remaster.
They may help you with a problem, so do have a look at them.
- Fraizeraust
- Posts: 234
- Joined: Thu Jan 05, 2017 11:46 am
- Location: Italy
Re: Intel processor design flaw requiring ROS kernel mode ch
Here are the results by Speculation-Control module.
[ external image ]
It turns out the update by Microsoft Windows doesn't do anything to mitigate the Meltdown and Spectre bug. Looks like I need to update both the firmware and the BIOS as well however I'm scared that it will brick my Toshiba Satellite C660 rendering it un-bootable...
Does anybody else know how I can update the BIOS safely?
a.k.a. GeoB99 -- ReactOS Kernel developer -- My Wiki page
Re: Intel processor design flaw requiring ROS kernel mode ch
Welp, looks like I'm completely f*cked up. Went through Toshiba Support web page looking for newest BIOS update but the latest one is from 2012... Hopefully Toshiba will release an update; if not, then I'm screwed.