Linked by Thom Holwerda on Thu 11th May 2006 15:50 UTC, submitted by anonymous
A feature called System Management Mode included in modern x86 CPUs opens the way to the land of kernel space and the quest for ring zero. Federico Biancuzzi interviews French researcher Loïc Duflot to learn about the System Management Mode attack, how to mitigate it, what hardware is vulnerable, and why we should be concerned with recent X Server bugs.
RE[3]: Great article!
by ivans on Thu 11th May 2006 18:23 UTC in reply to "RE[2]: Great article!"

All operating systems running on x86 suffer from hardware vulnerabilities on the x86-platform. It takes a moron to believe otherwise.

No, it takes a moron to think this is an x86 bug, when in fact it is an OS-level design flaw.

Windows does not suffer from this particular X Server bug because Windows does not use the X Server.

Windows does not suffer from this particular design flaw because it denies any user-mode (ring3) PIO access via EFLAGS.IOPL field. X Server is just an example - it could be any other app.

However, one cannot conclude on that background that Windows isn't vulnerable to hardware bugs.

I never claimed it wasn't. This is not a hardware bug.

Edited 2006-05-11 18:27


RE[4]: Great article!
by dylansmrjones on Thu 11th May 2006 18:33 in reply to "RE[3]: Great article!"

It's not the slightest bit related to OSes.

It's a weakness in the x86, which manifests itself with certain applications, like the X Server.

Running the X Server in Cygwin on Windows is likely to be suffering from this particular vulnerability, as well.

The software bug is merely due to flaws in the hardware design, and in no circumstances related to the OS of choice.

It does not look like you actually read the article.


RE[5]: Great article!
by CrazyDude0 on Thu 11th May 2006 18:45 in reply to "RE[4]: Great article!"

You need to read the article again.

If the OS doesn't allow PIO access to user-mode code, this exploit is not possible.

However, the article doesn't clearly say if you can carry out this exploit without root privilege or not. If this requires root privilege, then to me it is not a bug. Once you are root, you can exploit the system in whatever way you want. You can easily install a driver to get to kernel mode and do whatever the hell you want.

If on the other hand, a non-root process can do this, then it is definitely a serious bug in *nixes.


RE[5]: Great article!
by CrazyDude0 on Thu 11th May 2006 18:48 in reply to "RE[4]: Great article!"

dylansmrjones: This exploit is not possible on Windows if you run X as a non-admin. Because a non-admin user mode process can never get PIO access and it can never install a driver to get in kernel mode to get PIO access.

BTW this is *NOT* completely a hardware bug. It is the OS which is giving permissions to sensitive areas first.

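The point ivans and CrazyDude0 make above, that the CPU's IN/OUT check depends on state the OS sets for each process (EFLAGS.IOPL and the TSS I/O permission bitmap), modeled as an added example. This is not code from the article, the thread or any operating system; the struct and function names are ours, and `kernel_set_iopl` / `kernel_ioperm` stand in for what Linux's iopl(2) and ioperm(2) do to a process's saved state. Port 0xCF8 (PCI configuration address) and 0x80 (POST diagnostic port) are used as example targets only.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not from the article or the thread: a model of the x86
 * I/O-privilege check for IN/OUT, showing that the OS, not the CPU, decides
 * whether a ring-3 process may touch a port. Names below are ours. */

#define IOPL_SHIFT   12
#define IOPL_MASK    (3u << IOPL_SHIFT)
#define NUM_PORTS    65536u
#define IOMAP_BYTES  (NUM_PORTS / 8)      /* one deny bit per byte port */

typedef struct {
    unsigned cpl;                 /* current privilege level, 0..3 */
    uint32_t eflags;              /* IOPL is EFLAGS bits 13:12 */
    uint8_t  iomap[IOMAP_BYTES];  /* TSS I/O permission bitmap: 1 = deny */
    unsigned iomap_limit;         /* ports covered by the TSS; beyond it, deny */
} io_ctx;

static unsigned iopl_of(const io_ctx *c) {
    return (c->eflags & IOPL_MASK) >> IOPL_SHIFT;
}

/* How an OS hands a ring-3 process to the CPU by default: IOPL 0 and every
 * bitmap bit set, so no port is reachable from CPL 3. Windows leaves user
 * processes in this state. */
static void ctx_init_user(io_ctx *c) {
    memset(c, 0, sizeof *c);
    c->cpl = 3;
    memset(c->iomap, 0xFF, sizeof c->iomap);
    c->iomap_limit = NUM_PORTS;
}

/* What Linux iopl(level) does: the kernel, at CPL 0, rewrites the process's
 * saved EFLAGS.IOPL. POPF at CPL > 0 cannot change IOPL, so user code needs
 * the kernel's cooperation (and CAP_SYS_RAWIO) for this. */
static void kernel_set_iopl(io_ctx *c, unsigned level) {
    c->eflags = (c->eflags & ~IOPL_MASK) | ((level & 3u) << IOPL_SHIFT);
}

/* What ioperm(from, num, turn_on) does: clear (permit) or set (deny) single
 * port bits in the process's TSS bitmap. Linux only accepts ports below 0x400
 * here; 0xCF8/0xCFC (PCI config space) lie above that and need iopl(3). */
static void kernel_ioperm(io_ctx *c, unsigned from, unsigned num, bool turn_on) {
    for (unsigned p = from; p < from + num && p < NUM_PORTS; p++) {
        if (turn_on) c->iomap[p >> 3] &= (uint8_t)~(1u << (p & 7));
        else         c->iomap[p >> 3] |=  (uint8_t)(1u << (p & 7));
    }
}

/* CPU-side check for an IN/OUT of `width` bytes at `port` in protected mode:
 * CPL <= IOPL permits outright; otherwise every byte port touched must have
 * its bit clear, and bits outside the TSS limit read as 1 (deny). A denial
 * raises #GP. */
static bool io_permitted(const io_ctx *c, unsigned port, unsigned width) {
    if (c->cpl <= iopl_of(c)) return true;
    for (unsigned p = port; p < port + width; p++) {
        if (p >= c->iomap_limit) return false;
        if (c->iomap[p >> 3] & (1u << (p & 7))) return false;
    }
    return true;
}

/* CLI/STI consult IOPL only, never the bitmap: ioperm() grants ports,
 * iopl(3) grants every port plus the right to mask interrupts. */
static bool cli_sti_permitted(const io_ctx *c) {
    return c->cpl <= iopl_of(c);
}

/* Ring-3 scenarios the thread argues about; results returned as a bitmask. */
enum { WIN_CF8 = 1, IOPL3_CF8 = 2, IOPL3_CLI = 4,
       IOPERM_80 = 8, IOPERM_CF8 = 16, IOPERM_CLI = 32, IOPERM_80_DWORD = 64 };

static unsigned run_scenarios(void) {
    unsigned r = 0;
    io_ctx c;

    ctx_init_user(&c);                      /* Windows-style user process */
    if (io_permitted(&c, 0xCF8, 4))  r |= WIN_CF8;

    ctx_init_user(&c);                      /* Linux process after iopl(3) */
    kernel_set_iopl(&c, 3);
    if (io_permitted(&c, 0xCF8, 4))  r |= IOPL3_CF8;
    if (cli_sti_permitted(&c))       r |= IOPL3_CLI;

    ctx_init_user(&c);                      /* Linux process after ioperm(0x80, 1, 1) */
    kernel_ioperm(&c, 0x80, 1, true);
    if (io_permitted(&c, 0x80, 1))   r |= IOPERM_80;
    if (io_permitted(&c, 0xCF8, 4))  r |= IOPERM_CF8;
    if (cli_sti_permitted(&c))       r |= IOPERM_CLI;
    if (io_permitted(&c, 0x80, 4))   r |= IOPERM_80_DWORD; /* 0x81..0x83 stay denied */
    return r;
}

int main(void) {
    unsigned r = run_scenarios();
    printf("Windows-style ring 3, OUT to 0xCF8:     %s\n", r & WIN_CF8   ? "allowed" : "denied (#GP)");
    printf("Linux ring 3 after iopl(3), 0xCF8:      %s\n", r & IOPL3_CF8 ? "allowed" : "denied (#GP)");
    printf("Linux ring 3 after ioperm(0x80), 0xCF8: %s\n", r & IOPERM_CF8 ? "allowed" : "denied (#GP)");
    return 0;
}
```

The bitmask (`run_scenarios()` returns `IOPL3_CF8 | IOPL3_CLI | IOPERM_80`) makes the thread's disagreement concrete: the hardware rule is identical on every x86, but whether a ring-3 process passes it depends entirely on what the kernel wrote into that process's EFLAGS and TSS bitmap.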

RE[5]: Great article!
by BluenoseJake on Fri 12th May 2006 15:27 in reply to "RE[4]: Great article!"

Cygwin would not be vulnerable, as Windows restricts access to PIO for userspace; it's that simple, Cygwin can't get around that restriction.
