Potentially dangerous Pentium bug disc

Robert E. Seastrom rs at bifrost.seastrom.com
Wed Nov 12 19:20:03 UTC 1997


   Date: Wed, 12 Nov 97 10:15 PST
   From: Randy Bush <randy at psg.com>

   gated does not have that illegal instruction sequence in it.  compilers
   don't generate it.  httpd does not have the sequence.

Even on closed systems, the exposed daemons (sendmail/smap, httpd,
gated, inetd) can not be safely said to not have buffer overflow
holes, as new ones are found periodically.  What this means is that
anyone can overflow a buffer into stack space and pop code in in
place of a return....  whereas the threat profile this used to present
was that someone could go through all sorts of gyrations, upload a
tiny exploit to hack root, etc., the threat profile it now presents is
quite a bit more serious -- they now have the functional equivalent of
a user-mode "halt" instruction.  While you used to be fairly safe if
you ran smap (for instance; i don't know of any specific holes in
smap) in a chrooted jail, now that defense doesn't stop some punk from
kicking your butt offline.

While I'd rather see this thread continued in more appropriate fora, I
observe that Intel hardware has found its way into my infrastructure
(and I'd suspect the infrastructure of even some large ISPs) because
its excellent price-performance figures allow us to swallow our pride
(and distaste at certain aspects of the architecture) and deploy them
in a production environment.  Because of the potential operational
impact of this misfeature, I must concede that nanog is not a wholly
inappropriate forum for this discussion and I must politely disagree
with my esteemed colleague from Washington State.  ;-)

                                        ---Rob







More information about the NANOG mailing list