Posted on 06/29/2007 10:32:48 AM PDT by ShadowAce
A prominent software developer with a reputation for making waves in coding circles is doing it again - this time warning that Intel's celebrated Core 2 Duo is vulnerable to security attacks that target known bugs in the processor.
Discussion forums on Slashdot and elsewhere were ablaze with comments responding to the claims made by Theo de Raadt, who is the founder of OpenBSD. Intel strongly discounted the report, saying engineers have thoroughly scanned the processor for vulnerabilities.
In it he warns that errata contained in the Intel processor is susceptible to security exploits that put users and enterprises at serious risk of being compromised. The exposure can exist even in cases where Intel has issued a fix, de Raadt said, because patches in the microcode frequently don't get installed on systems purchased from smaller vendors or that run less popular operating systems.
"At this time, I cannot recommend purchase of any machines based on the Intel Core 2 until these issues are dealt with (which I suspect will take more than a year)," de Raadt concluded in his post to an OpenBSD discussion group.
Many of the bugs lead to potentially dangerous buffer overflow in which write-protected or non-execute bits for a page table entry are ignored. Others involve floating point instruction non-coherencies or memory corruptions. Intel is aware of the security implications, but has yet to disclose them, he said in an interview.
Intel engineers and some outside security researchers disagree with de Raadt's conclusion, but the implications of them being correct are serious. Thanks to its high performance and plentiful supply, the Core 2 Duo is seemingly everywhere - in Macs, phone switches and PCs running a wide variety of operating systems.
What's more, a vulnerability in the processor could be exploited regardless of the OS it runs, and if the flaw resides in the silicon itself, the traditional remedy of pushing out a software patch could be rendered ineffective.
While something of a spiritual leader in the open source world, De Raadt is also known for stirring the pot. In 2003 his public criticism of the US-led occupation in Iraq cost OpenBSD a $2m grant from the US Defense Advanced Research Project (DARPA). Conflicts with members of the NetBSD ultimately led to his ouster from that project and earned him a reputation as someone whose directness rubbed some people the wrong way.
Of the 105 Core 2 errata Intel has published (PDF), as many as 30 have no OS work-around and are potentially exploitable, de Raadt says. For example, de Raadt says, AI39 has the potential to cause one of the CPU's cores to "read garbage" if the other core executes code in a shared thread. Others simply cause a system to freeze.
In his OpenBSD post, de Raadt lists six errata - designated as AI39, AI43, AI65, AI79, AI90 and AI99 - that he says "scare the hell out of us". Many of the errata de Raadt finds worrisome are the result of significant changes the Core 2 made in the way the memory management units work in Intel CPUs.
Intel spokesman Nick Knupffer took strong issue with de Raadt's contention that Core 2 is vulnerable. Like previous processors, the chip has been thoroughly examined by testers and all errata are published, he said. Those that actually affect the running of a PC are fixed.
"I talked to the people on the errata team and they were pretty surprised by de Raadt's comments," he said. In the rare instances that a bug can't be fixed by issuing a microcode fix, Intel has volunteered to replace defective chips at no cost.
Also challenging de Raadt's conclusion was Rodney Thayer, a security researcher with Canola & Jones. While the six errata in de Raadt's post have the ability to harm the inner workings of an OS, they have little implication for security.
"Like usual, Theo's grumbling is never completely guff, but often it has a lot of noise to it," Thayer says. "I'm having a lot of trouble finding signal there."
But de Raadt said he remains concerned. He cautioned that just because Intel has issued a fix or instructions for a work-around doesn't mean they're being pushed out to Core 2 machines, particularly if they're using a less standard OS or are in an embedded device such as a phone switch.
And he also warned that the lack of stability is itself a cause for concern among the security conscious.
"Part of exploitability is being able to crash a machine reliably," he said. "We're trying to build reliable systems on an unreliable framework." ®
>>In it he warns that errata contained in the Intel processor is susceptible to security exploits that put users and enterprises at serious risk of being compromised. The exposure can exist even in cases where Intel has issued a fix, de Raadt said, because patches in the microcode frequently don’t get installed on systems purchased from smaller vendors or that run less popular operating systems.<<
Translation, Windows is safe. Any other operating system is at risk.
Uh. No.
Correct translation, Windows may possibly be safe but no one knows for sure because Intel isn't talking about the actual problem and hasn't actually issued microcode patches for all of the errata that they published.
Other OSes are vulnerable as long as Intel doesn't fess up because you can't fix what you don't know. When the facts come out and the other OSes issue patches, they will be verifiably safe.
Sorry...that was an attempt at nerd humor...
Yes, Theo is an ass, but he tends to do most of his talking by publishing code.
A fully functional microcode patch that fixes Intel's little problem is the surest way to tell Intel and Microsoft to go stuff it.
This guy is an anti-American jerkoff from Canada, he one time got some US government funding but they dumped him shortly after when he started criticising the US everywhere he went. No surprise the Register is running his latest crap either.
Now that you got that off your chest, can we deal with the subject at hand?
It comes down to this, Is he wrong, and if so, can you prove it?
i'll wait for your answer...
I don’t know, but I treat everything coming from leftists and especially anti-American leftists with great skepticism and disdain. He should be looking for holes in open source software, since that is his product and that is what they claim they are doing to secure it, but this guy seems more interested in whining about US chip companies, just the other day it was Sun chips he was crying about.
Ok, take a deep breath, and relax. This is an HARDWARE issue with Intel Processors. It is Operating system neutral.
It comes down to whether or not the vulnerabilities exist. If they do exist lots of people have work to do. If not, then the guy is a loon, and nothing further needs be said.
The point is, the guy is a known loon, whether he got this one right or not. If you prefer to do back flip every time a leftist loon cries wolf that’s up to you.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.