Linked by Thom Holwerda on Thu 11th May 2006 15:50 UTC, submitted by anonymous
Privacy, Security, Encryption
A feature called System Management Mode included in modern x86 CPUs opens the way to the land of kernel space and the quest for ring zero. Federico Biancuzzi interviews French researcher Loïc Duflot to learn about the System Management Mode attack, how to mitigate it, what hardware is vulnerable, and why we should be concerned with recent X Server bugs.
Thread beginning with comment 123561
RE[5]: Great article!
by Mark Williamson on Thu 11th May 2006 18:45 UTC

Disclaimer: Didn't read the article, read the original paper regarding this flaw when it first came to light.

The bug is that it's possible for the X server to obtain ring 0 privileges (i.e. kernel level privilege to do anything) by abuse of SMM.

HOWEVER

On many platforms (Linux for instance), X11 tends to be given privileges that approximately amount to the same thing. For instance, on x86 Linux a root process can get direct access to IO ports, disable interrupts, map any memory, etc. This effectively means it can always get ring0 privs if it wants. The fact that there's now *another* way for X to do this doesn't seem like a big issue to me.

It is an issue on OpenBSD because it enables a subverted X server to circumvent the BSD secure levels. They can and do run X11 as non-root without direct access to the IO ports, yet it is still able to obtain ring0 access. Oh dear.

This behaviour is due to a quirk in the way x86 platform chipsets work, and the interaction of this with the way X11 servers are normally run on *nix systems. The problem could be avoided by a better X server architecture (which is the proposed fix from the OBSD folks) which didn't allow the X server such freedom to drive the hardware as it chose.
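The comment above refers to "direct access to IO ports" as the privilege that already puts a root X server within reach of ring 0 on Linux. On x86 Linux that privilege is CAP_SYS_RAWIO, exercised through iopl(2) or ioperm(2); iopl(3) in particular also lets a ring 3 process execute cli/sti, i.e. disable interrupts. The following is an added example, not code from the OSNews thread, from Loïc Duflot's paper or from any X server: it checks whether the current process holds that privilege, first by reading the CapEff mask from /proc/self/status and then by raising and immediately dropping the I/O privilege level. It never touches a port, so it is safe to run as root or as a normal user (where iopl() fails with EPERM). The function names and the CAP_SYS_RAWIO bit number are this example's own assumptions (the bit value 17 matches linux/capability.h).

```c
/* Added example: probe for the Linux I/O-port privilege (CAP_SYS_RAWIO /
 * iopl) that the comment above equates with ring 0 on x86.  Not from the
 * original thread or paper; names are this example's own. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#if defined(__linux__) && (defined(__x86_64__) || defined(__i386__))
#include <sys/io.h>
#define HAVE_IOPL 1
#else
#define HAVE_IOPL 0
#endif

/* CAP_SYS_RAWIO is capability number 17 in <linux/capability.h>. */
#define CAP_SYS_RAWIO_BIT 17

/* Returns 1 if the effective capability set (CapEff in /proc/self/status)
 * contains CAP_SYS_RAWIO, 0 if it does not, and -1 if the file could not be
 * read (non-Linux system, /proc not mounted). */
int has_cap_sys_rawio(void)
{
    FILE *f = fopen("/proc/self/status", "r");
    if (!f)
        return -1;

    char line[256];
    int result = -1;
    while (fgets(line, sizeof line, f)) {
        if (strncmp(line, "CapEff:", 7) == 0) {
            /* The mask is printed as a hexadecimal bit set, bit i = cap i. */
            unsigned long long mask = strtoull(line + 7, NULL, 16);
            result = (int)((mask >> CAP_SYS_RAWIO_BIT) & 1ULL);
            break;
        }
    }
    fclose(f);
    return result;
}

/* Tries to raise the I/O privilege level to 3 (all ports plus cli/sti) and
 * drops it straight back to 0.  Returns 0 if the kernel granted it, the
 * errno iopl() reported otherwise (EPERM without CAP_SYS_RAWIO or under
 * kernel lockdown), or ENOSYS where iopl() does not exist at all. */
int probe_iopl(void)
{
#if HAVE_IOPL
    if (iopl(3) != 0)
        return errno;
    (void)iopl(0);   /* drop the privilege again; we only wanted the answer */
    return 0;
#else
    return ENOSYS;
#endif
}

int main(void)
{
    int cap = has_cap_sys_rawio();
    int rc = probe_iopl();
    printf("euid=%d CAP_SYS_RAWIO=%d iopl(3)=%s\n",
           (int)geteuid(), cap, rc == 0 ? "granted" : strerror(rc));
    return 0;
}
```

Run it twice, once as an unprivileged user and once as root (or with CAP_SYS_RAWIO granted), to see the boundary the comment describes: a process for which probe_iopl() returns 0 can drive any I/O port and disable interrupts, which is exactly the freedom a non-root, non-privileged X server on OpenBSD is supposed to lack.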