Potentially dangerous Pentium bug disc
Robert E. Seastrom
rs at bifrost.seastrom.com
Wed Nov 12 19:20:03 UTC 1997
Date: Wed, 12 Nov 97 10:15 PST
From: Randy Bush <randy at psg.com>
gated does not have that illegal instruction sequence in it. compilers
don't generate it. httpd does not have the sequence.
Even on closed systems, the exposed daemons (sendmail/smap, httpd,
gated, inetd) can not be safely said to not have buffer overflow
holes, as new ones are found periodically. What this means is that
anyone can overflow a buffer into stack space and pop code in in
place of a return.... whereas the threat profile this used to present
was that someone could go through all sorts of gyrations, upload a
tiny exploit to hack root, etc., the threat profile it now presents is
quite a bit more serious -- they now have the functional equivalent of
a user-mode "halt" instruction. While you used to be fairly safe if
you ran smap (for instance; i don't know of any specific holes in
smap) in a chrooted jail, now that defense doesn't stop some punk from
kicking your butt offline.
While I'd rather see this thread continued in more appropriate fora, I
observe that Intel hardware has found its way into my infrastructure
(and I'd suspect the infrastructure of even some large ISPs) because
its excellent price-performance figures allow us to swallow our pride
(and distaste at certain aspects of the architecture) and deploy them
in a production environment. Because of the potential operational
impact of this misfeature, I must concede that nanog is not a wholly
inappropriate forum for this discussion and I must politely disagree
with my esteemed colleague from Washington State. ;-)
---Rob
More information about the NANOG
mailing list