Linked by Thom Holwerda on Thu 11th May 2006 15:50 UTC, submitted by anonymous
Privacy, Security, Encryption
A feature called System Management Mode included in modern x86 CPUs opens the way to the land of kernel space and the quest for ring zero. Federico Biancuzzi interviews French researcher Loïc Duflot to learn about the System Management Mode attack, how to mitigate it, what hardware is vulnerable, and why we should be concerned with recent X Server bugs.
Thread beginning with comment 123527
RE: Great article!
by ivans on Thu 11th May 2006 17:51 UTC in reply to "Great article!"
ivans Member since:
2005-12-03

Apparently Windows is the only OS that is NOT vulnerable, so you won't see much of a discussion either.

http://www.cansecwest.com/slides06/csw06-duflot.ppt

Slide #41

So what's up with the oh-so-secure OpenBSD, huh Theo? Installing rootkit in 10 lines of code, LOL.

Edited 2006-05-11 18:00

Reply Parent Score: -2

RE[2]: Great article!
by dylansmrjones on Thu 11th May 2006 18:10 in reply to "RE: Great article!"
dylansmrjones Member since:
2005-10-02

Blah...

All operating systems running on x86 suffer from hardware vulnerabilities on the x86-platform. It takes a moron to believe otherwise.
Windows does not suffer from this particular X Server bug because Windows does not use the X Server. It has a similar solution, but it isn't the X Server.
However, one cannot conclude on that background that Windows isn't vulnerable to hardware bugs.

[EDIT:] But yes to the first poster. It's nice to see article submissions like this one. More of those, please ;)

Edited 2006-05-11 18:11

Reply Parent Score: 2

RE[3]: Great article!
by ivans on Thu 11th May 2006 18:23 in reply to "RE[2]: Great article!"
ivans Member since:
2005-12-03

"All operating systems running on x86 suffer from hardware vulnerabilities on the x86-platform. It takes a moron to believe otherwise."

No, it takes a moron to think this is an x86 bug, when in fact it is an OS-level design flaw.

"Windows does not suffer from this particular X Server bug because Windows does not use the X Server."

Windows does not suffer from this particular design flaw because it denies any user-mode (ring3) PIO access via the EFLAGS.IOPL field. X Server is just an example - it could be any other app.

"However, one cannot conclude on that background that Windows isn't vulnerable to hardware bugs."

I never claimed it wasn't. This is not a hardware bug.

Edited 2006-05-11 18:27

Reply Parent Score: 2

RE[3]: Great article!
by Tom K on Thu 11th May 2006 18:30 in reply to "RE[2]: Great article!"
Tom K Member since:
2005-07-06

It's not an X Server bug, it's an exploit that takes advantage of an "unprotected" x86 CPU mode. Due to NT not allowing ring 3 code to access PIO privileges, there is no way to modify the SMI handler -- that the researcher currently knows about.

So in reality, no, not all operating systems on x86 suffer from hardware vulnerabilities on the x86-platform. If the OS doesn't provide the facilities to make the attack possible, that's the same as saying that that OS is "safe".

Reply Parent Score: 1
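
The EFLAGS.IOPL gate on ring 3 port I/O that ivans and Tom K describe above, modelled in C as an added example; it is not code from the thread, the article, or any operating system. The function names, the EFLAGS values and port 0x80 are constructed for illustration, and the model covers only the protected-mode rule (CPL compared with IOPL, then the TSS I/O permission bitmap).

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define EFLAGS_IOPL_SHIFT 12                      /* IOPL is EFLAGS bits 12-13 */
#define EFLAGS_IOPL_MASK  (3u << EFLAGS_IOPL_SHIFT)

/* Extract the 2-bit I/O privilege level from an EFLAGS value. */
static unsigned eflags_iopl(uint32_t eflags)
{
    return (eflags & EFLAGS_IOPL_MASK) >> EFLAGS_IOPL_SHIFT;
}

/*
 * Hypothetical model of the protected-mode check on IN/OUT.
 * Returns true if the access proceeds, false if the CPU raises #GP.
 * iobitmap is the task's TSS I/O permission bitmap (NULL = none);
 * a set bit denies the port, and ports past bitmap_bits are denied.
 */
static bool port_io_allowed(unsigned cpl, uint32_t eflags,
                            const uint8_t *iobitmap, size_t bitmap_bits,
                            uint16_t port, unsigned width)
{
    if (cpl <= eflags_iopl(eflags))
        return true;                  /* privileged enough: bitmap not consulted */
    if (iobitmap == NULL)
        return false;
    for (unsigned i = 0; i < width; i++) {   /* every byte of the access must pass */
        size_t p = (size_t)port + i;
        if (p >= bitmap_bits || (iobitmap[p / 8] & (1u << (p % 8))))
            return false;
    }
    return true;
}

int main(void)
{
    const uint16_t port = 0x80;       /* constructed sample port number */
    /* Constructed EFLAGS values: 0x0202 has IOPL=0, 0x3202 has IOPL=3. */
    printf("ring3 IOPL0 no bitmap: %d\n", port_io_allowed(3, 0x0202, NULL, 0, port, 1));
    printf("ring3 IOPL3 no bitmap: %d\n", port_io_allowed(3, 0x3202, NULL, 0, port, 1));
    printf("ring0 IOPL0 no bitmap: %d\n", port_io_allowed(0, 0x0202, NULL, 0, port, 1));
    return 0;
}
```

An OS that never raises IOPL for ring 3 and hands out no permissive bitmap stays on the first result for every port, which is the property the two comments above attribute to NT.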