Steve
I'm a PC, so shut up
Consultant
join:2001-03-10
Yorba Linda, CA
| reply to ironwalker
Re: "HyperThreading considered harmful"
I think this is really nothing to worry, though I'm not any kind of hardware security expert.
Unless I'm reading it wrong, it requires that the high-security thread and the low security thread be running at the same time, and this looks like a really hard thing to coordinate. User programs have only limited ability to interact with the scheduler, and I don't think they have any way of requesting "Run me at the same time you run $PROCESS".
I won't go farther than "It looks like a stretch to me", because all kinds of clever people have come up with all kinds of clever ideas to do surprising things.
But the "vendor notifications" seem a little weak to me, like "Well, this is nothing but I guess we have to say something"said by SCO's advisory for Unixware:
The proper solution is to disable Hyper-Threading, unless you are certain that (1) no authorized users of your system have the ability to run a malicious program, and (2) it is not possible for any unauthorized users to access the system. If there are unauthorized users and/or those who run malicious programs on the system, all kinds of bad effects are possible, though I'm not going to discount the danger of getting a private key swiped.
But I think I required a bit more evidence to believe this is anything to worry about.
Steve
--
Stephen J. Friedl • Unix Wizard • Microsoft Security MVP • Tustin, California USA • my web site |
|
novaflare
The Dragon Was Here
Premium
join:2002-01-24
Barberton, OH
| wel steve it may also be possible for a remopte user to do the same. Example run a java app on web site that stays active. Then you might be able to exploit the flaw remotly. And take your pick of other threads. It would be hard as hell but probably doable. Ive never delt with a hardware securit flaw before. But getting a buffer over run is similar to a hardware security flaw realy. Essentialy what your doing is putting things in to ram area from one programs area to another programs area of ram. So it should be at least possible to do the same with a cpus cache.
--
DSLR security chat at us.ausirc.net chanel #dslr_sec lets pack this channelopen source dns server for *nix and windows »powerdns.com |
|
Steve
I'm a PC, so shut up
Consultant
join:2001-03-10
Yorba Linda, CA
| said by novaflare  : Example run a java app on web site that stays active. No way.
I think this is beyond the pale of what one can do. I think it's going to be impossible for a Java application to do this, because aside from the fact that it doesn't have access to the CPU instructions required to do this kind of hyper-highresolution timing, Java has so much overhead that it's going to confound any efforts at measuring these timing differences.But getting a buffer over run is similar to a hardware security flaw realy. Hmmm, did you actually read the paper?
There is no circumstance where thread #1 can read or write data cached by thread #2 - it can only make some guesses about which memory thread #2 is accessing. This revolves around subtle timing issues, not modifying memory.
Steve
--
Stephen J. Friedl • Unix Wizard • Microsoft Security MVP • Tustin, California USA • my web site |
|
novaflare
The Dragon Was Here
Premium
join:2002-01-24
Barberton, OH
| just used as a example. It how ever is probably possible to do so with spyware torjans or other apps you could trick the user in to downloading. And i only read part of it. Before posting reading more now. Ither way intel needs to take serious action to correct it.
--
DSLR security chat at us.ausirc.net chanel #dslr_sec lets pack this channelopen source dns server for *nix and windows »powerdns.com |
|
BeesTea
Network Janitor
Premium,VIP
join:2003-03-08
00000
| reply to Steve
said by Steve :No way. I think this is beyond the pale of what one can do. I think it's going to be impossible for a Java application to do this, Ditto.
--
$ /bin/whoami
nobody |
|
Marilla
I Am My Own Arbiter
Premium
join:2002-12-06
Belpre, OH
| reply to Steve
said by Steve :There is no circumstance where thread #1 can read or write data cached by thread #2 - it can only make some guesses about which memory thread #2 is accessing. This revolves around subtle timing issues, not modifying memory. Hence, my interest, and my headache!
--
Windows, Mac, Linux, BSD - just use the right tool for the right job... end the OS Politics! |
|
