LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > General
User Name
Password
General This forum is for non-technical general discussion which can include both Linux and non-Linux topics. Have fun!

Notices


Reply
  Search this Thread
Old 01-04-2018, 10:50 AM   #1
hazel
Senior Member
 
Registered: Mar 2016
Location: Harrow, UK
Distribution: Debian, Crux, LFS, AntiX
Posts: 2,249
Blog Entries: 5

Rep: Reputation: 996Reputation: 996Reputation: 996Reputation: 996Reputation: 996Reputation: 996Reputation: 996Reputation: 996
Has anyone heard about this Intel problem?


What I've heard about it (from the BBC tech department) seems quite weird. Apparently Intel processors have some kind of flaw (they called it a bug but surely only software exhibits bugs) which allows them to be hacked. Maybe they are talking about some kind of firmware?

Anyway, Intel are supposed to have hushed it up while they work on a cure but the news has leaked out. Mind you, what I heard on the news this morning sounded rather muddled because they mentioned smartphones too, and as far as I know, they all use arm chips, not Intel ones. Anybody know more?

PS: I just googled "intel flaw" and there's a stash of stuff. People seem to be taking this very seriously.

Last edited by hazel; 01-04-2018 at 10:54 AM.
 
Old 01-04-2018, 11:13 AM   #2
BW-userx
LQ Guru
 
Registered: Sep 2013
Location: MID-SOUTH USA
Distribution: Slackware 14.2 / Slackware 14.2 current / Manjaro / Parrot
Posts: 6,945

Rep: Reputation: 1400Reputation: 1400Reputation: 1400Reputation: 1400Reputation: 1400Reputation: 1400Reputation: 1400Reputation: 1400Reputation: 1400Reputation: 1400
the latest thing to talk about, put people in a panic so their will be room for chitter chatter, gets ratings. something to write about keeps the pay check rolling in. I'm not too worried about it some bug in a cpu, if it is not accessed then their are no problems like anything that can be exploited.
 
Old 01-04-2018, 11:19 AM   #3
cynwulf
Senior Member
 
Registered: Apr 2005
Posts: 2,130
Blog Entries: 5

Rep: Reputation: 1186Reputation: 1186Reputation: 1186Reputation: 1186Reputation: 1186Reputation: 1186Reputation: 1186Reputation: 1186Reputation: 1186
https://www.linuxquestions.org/quest...ug-4175620852/
 
Old 01-04-2018, 12:20 PM   #4
Turbocapitalist
Senior Member
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 3,471
Blog Entries: 3

Rep: Reputation: 1525Reputation: 1525Reputation: 1525Reputation: 1525Reputation: 1525Reputation: 1525Reputation: 1525Reputation: 1525Reputation: 1525Reputation: 1525Reputation: 1525
Quote:
Originally Posted by BW-userx View Post
the latest thing to talk about, put people in a panic so their will be room for chitter chatter, gets ratings. something to write about keeps the pay check rolling in. I'm not too worried about it some bug in a cpu, if it is not accessed then their are no problems like anything that can be exploited.
This is a big deal, I doubt however that the news will be able to give it as much coverage as it merits given the role Wintel plays in keeping desktop computing under control. It's deep in the CPU but not buried there. It's easily accessibly from any userspace activity. So it looks like it is widely exploitable even by javascript from the browser.

If Larry Ellison had not been working so hard to help out Bill Gates by eliminating Oracle's recently acquired Sparc series, he would have been in a great position to move on this in the server market.
 
Old 01-04-2018, 12:28 PM   #5
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Yawnstown, Ohio
Distribution: Mojave
Posts: 9,297
Blog Entries: 36

Rep: Reputation: Disabled
https://meltdownattack.com has some resources.
 
Old 01-04-2018, 01:22 PM   #6
BW-userx
LQ Guru
 
Registered: Sep 2013
Location: MID-SOUTH USA
Distribution: Slackware 14.2 / Slackware 14.2 current / Manjaro / Parrot
Posts: 6,945

Rep: Reputation: 1400Reputation: 1400Reputation: 1400Reputation: 1400Reputation: 1400Reputation: 1400Reputation: 1400Reputation: 1400Reputation: 1400Reputation: 1400
Quote:
Originally Posted by Turbocapitalist View Post
This is a big deal, I doubt however that the news will be able to give it as much coverage as it merits given the role Wintel plays in keeping desktop computing under control. It's deep in the CPU but not buried there. It's easily accessibly from any userspace activity. So it looks like it is widely exploitable even by javascript from the browser.

If Larry Ellison had not been working so hard to help out Bill Gates by eliminating Oracle's recently acquired Sparc series, he would have been in a great position to move on this in the server market.


statements like this
Quote:
This might include your passwords stored
might be possible to steal data from other customers.
are used to try and put some into a state of paranoia to them that do not read it properly. key word MIGHT, does not mean shall or will.

it means they haven't got a clue. just something to talk about and do, ie fix it whatever it is.

Last edited by BW-userx; 01-04-2018 at 01:26 PM.
 
Old 01-04-2018, 05:35 PM   #7
enorbet
Senior Member
 
Registered: Jun 2003
Location: Virginia
Distribution: Slackware = Main OpSys for decades while testing others to keep up
Posts: 1,956

Rep: Reputation: 1851Reputation: 1851Reputation: 1851Reputation: 1851Reputation: 1851Reputation: 1851Reputation: 1851Reputation: 1851Reputation: 1851Reputation: 1851Reputation: 1851
Hello Hazel. If I understand to what you're referring it is very likely just as you inferred, firmware and it's related hardware. For several years now Intel has been designing components inside CPUs to "improve" communication with BIOS/UEFI, or at least that's what they say. Nobody but Intel actually knows for certain since the code is not Open Source but the concern is that anyone who cares to look can see some disturbing links that previously did not exist, especially through the ME and MCH components, with which I find a curious parallel to the famed MCP in the original Tron.

Here is a link to a very dry, but also very enlightening symposium on the subject by none other than the deservedly famous Joanna Rutkowska.

--- The Role (and dangers) of Intel's ME ---

Because it is so dry and a bit difficult for most to watch in it's entirety I include below a link to a screenie of a graphic displaying the architecture. Please note, that among other things, there is a hard-wired connection to drives and wifi. These can operate entirely on Standby power like when you assume your PC is powered down but not all of it is off. You as an "owner", or more accurately "user", have zero control over this function unless you can remove the CMOS battery and that just switches it off temporarily. Once it has power you have no control over what it does or can do and what's more you have zero access to the code regarding it's exact capabilities. This does not mean it cannot be tagged, corrupted, or added to, in short, hacked. However that condition may well pale compared to Intel's own control over everything about it and YOUR PC, your data.

Take a look at the pic linked below and you will see why there is indeed legitimate concern. You will see what is connected and powered even when you assume it's off. It is rather disturbing. I do recommend watching the video since it, and a workaround, is well explained. Unfortunately many will find the workaround too constraining as it is essentially, "use somewhat older CPUs" or several of them. Hopefully the video from a few years ago and the subsequent scares will cause Intel to reconsider it's design and implementation.

https://i.imgur.com/QrIsfDo.png

Last edited by enorbet; 01-04-2018 at 05:40 PM.
 
Old 01-04-2018, 07:29 PM   #8
ntubski
Senior Member
 
Registered: Nov 2005
Distribution: Debian, Arch
Posts: 3,383

Rep: Reputation: 1540Reputation: 1540Reputation: 1540Reputation: 1540Reputation: 1540Reputation: 1540Reputation: 1540Reputation: 1540Reputation: 1540Reputation: 1540Reputation: 1540
Quote:
Originally Posted by hazel View Post
What I've heard about it (from the BBC tech department) seems quite weird. Apparently Intel processors have some kind of flaw (they called it a bug but surely only software exhibits bugs)
Hardware is just software that happens to be encoded in silicon, instead of electrical charges on a disk (or vice versa).

Quote:
Anyway, Intel are supposed to have hushed it up while they work on a cure but the news has leaked out. Mind you, what I heard on the news this morning sounded rather muddled because they mentioned smartphones too, and as far as I know, they all use arm chips, not Intel ones.
From https://meltdownattack.com/:
Quote:
Which systems are affected by Meltdown?

[...]We successfully tested Meltdown on Intel processor generations released as early as 2011. Currently, we have only verified Meltdown on Intel processors. At the moment, it is unclear whether ARM and AMD processors are also affected by Meltdown.

Which systems are affected by Spectre?

Almost every system is affected by Spectre: Desktops, Laptops, Cloud Servers, as well as Smartphones. More specifically, all modern processors capable of keeping many instructions in flight are potentially vulnerable. In particular, we have verified Spectre on Intel, AMD, and ARM processors.
 
Old 01-04-2018, 07:38 PM   #9
Emerson
LQ Guru
 
Registered: Nov 2004
Location: Saint Amant, Acadiana
Distribution: Gentoo ~arch
Posts: 6,311

Rep: Reputation: Disabled
I'm running Spectre attack on my Kaby Lake i7 (same attack on an AMD computer returns score=0):
Code:
Putting 'The Magic Words are Squeamish Ossifrage.' in memory
Reading 40 bytes:
Reading at malicious_x = 0xffffffffffffde18... Unclear: 0x54=’T’ score=970 (second best: 0x01 score=772)
Reading at malicious_x = 0xffffffffffffde19... Unclear: 0x68=’h’ score=998 (second best: 0x01 score=793)
Reading at malicious_x = 0xffffffffffffde1a... Unclear: 0x65=’e’ score=999 (second best: 0x01 score=772)
Reading at malicious_x = 0xffffffffffffde1b... Unclear: 0x20=’ ’ score=999 (second best: 0x01 score=748)
Reading at malicious_x = 0xffffffffffffde1c... Unclear: 0x4D=’M’ score=999 (second best: 0x01 score=781)
Reading at malicious_x = 0xffffffffffffde1d... Unclear: 0x61=’a’ score=999 (second best: 0x01 score=739)
Reading at malicious_x = 0xffffffffffffde1e... Unclear: 0x67=’g’ score=999 (second best: 0x01 score=811)
Reading at malicious_x = 0xffffffffffffde1f... Unclear: 0x69=’i’ score=999 (second best: 0x01 score=777)
Reading at malicious_x = 0xffffffffffffde20... Unclear: 0x63=’c’ score=999 (second best: 0x01 score=814)
Reading at malicious_x = 0xffffffffffffde21... Unclear: 0x20=’ ’ score=998 (second best: 0x01 score=807)
Reading at malicious_x = 0xffffffffffffde22... Unclear: 0x57=’W’ score=999 (second best: 0x01 score=751)
Reading at malicious_x = 0xffffffffffffde23... Unclear: 0x6F=’o’ score=999 (second best: 0x01 score=781)
Reading at malicious_x = 0xffffffffffffde24... Unclear: 0x72=’r’ score=998 (second best: 0x01 score=770)
Reading at malicious_x = 0xffffffffffffde25... Unclear: 0x64=’d’ score=999 (second best: 0x01 score=763)
Reading at malicious_x = 0xffffffffffffde26... Unclear: 0x73=’s’ score=999 (second best: 0x01 score=739)
Reading at malicious_x = 0xffffffffffffde27... Unclear: 0x20=’ ’ score=999 (second best: 0x01 score=793)
Reading at malicious_x = 0xffffffffffffde28... Unclear: 0x61=’a’ score=999 (second best: 0x01 score=798)
Reading at malicious_x = 0xffffffffffffde29... Unclear: 0x72=’r’ score=999 (second best: 0x01 score=789)
Reading at malicious_x = 0xffffffffffffde2a... Unclear: 0x65=’e’ score=999 (second best: 0x01 score=797)
Reading at malicious_x = 0xffffffffffffde2b... Unclear: 0x20=’ ’ score=999 (second best: 0x01 score=790)
Reading at malicious_x = 0xffffffffffffde2c... Unclear: 0x53=’S’ score=999 (second best: 0x01 score=790)
Reading at malicious_x = 0xffffffffffffde2d... Unclear: 0x71=’q’ score=999 (second best: 0x01 score=780)
Reading at malicious_x = 0xffffffffffffde2e... Unclear: 0x75=’u’ score=999 (second best: 0x01 score=789)
Reading at malicious_x = 0xffffffffffffde2f... Unclear: 0x65=’e’ score=999 (second best: 0x01 score=699)
Reading at malicious_x = 0xffffffffffffde30... Unclear: 0x61=’a’ score=999 (second best: 0x01 score=785)
Reading at malicious_x = 0xffffffffffffde31... Unclear: 0x6D=’m’ score=998 (second best: 0x01 score=787)
Reading at malicious_x = 0xffffffffffffde32... Unclear: 0x69=’i’ score=999 (second best: 0x01 score=761)
Reading at malicious_x = 0xffffffffffffde33... Unclear: 0x73=’s’ score=999 (second best: 0x01 score=741)
Reading at malicious_x = 0xffffffffffffde34... Unclear: 0x68=’h’ score=999 (second best: 0x01 score=775)
Reading at malicious_x = 0xffffffffffffde35... Unclear: 0x20=’ ’ score=999 (second best: 0x01 score=743)
Reading at malicious_x = 0xffffffffffffde36... Unclear: 0x4F=’O’ score=999 (second best: 0x01 score=786)
Reading at malicious_x = 0xffffffffffffde37... Unclear: 0x73=’s’ score=998 (second best: 0x01 score=757)
Reading at malicious_x = 0xffffffffffffde38... Unclear: 0x73=’s’ score=999 (second best: 0x01 score=835)
Reading at malicious_x = 0xffffffffffffde39... Unclear: 0x69=’i’ score=997 (second best: 0x01 score=802)
Reading at malicious_x = 0xffffffffffffde3a... Unclear: 0x66=’f’ score=999 (second best: 0x01 score=767)
Reading at malicious_x = 0xffffffffffffde3b... Unclear: 0x72=’r’ score=999 (second best: 0x01 score=844)
Reading at malicious_x = 0xffffffffffffde3c... Unclear: 0x61=’a’ score=999 (second best: 0x01 score=763)
Reading at malicious_x = 0xffffffffffffde3d... Unclear: 0x67=’g’ score=999 (second best: 0x01 score=801)
Reading at malicious_x = 0xffffffffffffde3e... Unclear: 0x65=’e’ score=999 (second best: 0x01 score=769)
Reading at malicious_x = 0xffffffffffffde3f... Unclear: 0x2E=’.’ score=999 (second best: 0x01 score=795)
 
Old 01-04-2018, 08:47 PM   #10
jefro
Moderator
 
Registered: Mar 2008
Posts: 18,550

Rep: Reputation: 2778Reputation: 2778Reputation: 2778Reputation: 2778Reputation: 2778Reputation: 2778Reputation: 2778Reputation: 2778Reputation: 2778Reputation: 2778Reputation: 2778
Bug, flaw, advanced feature, who is to say?
 
Old 01-04-2018, 10:26 PM   #11
_roman_
Member
 
Registered: Dec 2017
Location: _Austro_Bavaria_
Distribution: gentoo / linux mint
Posts: 433

Rep: Reputation: 28
https://www.linuxquestions.org/quest...ug-4175620852/

Now I see several topics.

as I wrote it, it was not clear that google named it.

Most pages do not refer to google naming for spectre and meltdown.

and yes afaik intel made a mess.

I wish we could sue like in america. Where many people sue companies.

I do not trust that 5 percent penalty stuff. I have read up to 60 percent penalty for certain tasks.

and afaik cpus since 1995 affected with a few which are not, which i doubt like intel itanium
 
Old 01-05-2018, 01:46 AM   #12
hazel
Senior Member
 
Registered: Mar 2016
Location: Harrow, UK
Distribution: Debian, Crux, LFS, AntiX
Posts: 2,249
Blog Entries: 5

Original Poster
Rep: Reputation: 996Reputation: 996Reputation: 996Reputation: 996Reputation: 996Reputation: 996Reputation: 996Reputation: 996
@enorbet This isn't the Management Engine bug, it's something completely different. You can call ME spyware if you like, but it was planned and built in. This has taken everyone by surprise.

Clearly there are two bugs, and the more important one (Meltdown) only affects Intel. The Spectre bug may or may not affect amd and arm chips. Arm say no, but nobody's certain.

The kernel hackers are working on a protective patch, but apparently it's going to slow our machines down badly.

PS: Here is a link to the BLFS support list, describing the new kernel fix for Meltdown. Now we can all fix our systems at least partially. No doubt a fix for Spectre is coming down the line.

The timing tests are interesting. It looks as if the slowdown is much less than predicted.

PPS: Intel users can use Linux-4.14.11. AMD users wait for 4.14.12.

Last edited by hazel; 01-05-2018 at 02:10 AM. Reason: Postscripts
 
Old 01-05-2018, 01:59 AM   #13
Turbocapitalist
Senior Member
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 3,471
Blog Entries: 3

Rep: Reputation: 1525Reputation: 1525Reputation: 1525Reputation: 1525Reputation: 1525Reputation: 1525Reputation: 1525Reputation: 1525Reputation: 1525Reputation: 1525Reputation: 1525
There are at least three bugs, so far, covered by those two brand names.
  • Variant 1: bounds check bypass (CVE-2017-5753)
  • Variant 2: branch target injection (CVE-2017-5715)
  • Variant 3: rogue data cache load (CVE-2017-5754)

https://googleprojectzero.blogspot.c...with-side.html
 
Old 01-05-2018, 10:11 AM   #14
hazel
Senior Member
 
Registered: Mar 2016
Location: Harrow, UK
Distribution: Debian, Crux, LFS, AntiX
Posts: 2,249
Blog Entries: 5

Original Poster
Rep: Reputation: 996Reputation: 996Reputation: 996Reputation: 996Reputation: 996Reputation: 996Reputation: 996Reputation: 996
I built a 4.14.11 kernel but now I can't boot the damn thing! I get a string of acpi errors and then a kernel panic. As far as I can see, it's the same as the reported panic in https://bugzilla.redhat.com/show_bug.cgi?id=1520265 which was with a 4.14.8 kernel. The poster fixed that with a bios update, which is something I would never dare to try. Too great a risk of bricking the machine.

It looks as though I'll have to stick with my old kernel for the time being until the new kernel stabilises, and just hope that nobody exploits it.

Last edited by hazel; 01-05-2018 at 10:19 AM.
 
Old 01-05-2018, 10:43 AM   #15
cynwulf
Senior Member
 
Registered: Apr 2005
Posts: 2,130
Blog Entries: 5

Rep: Reputation: 1186Reputation: 1186Reputation: 1186Reputation: 1186Reputation: 1186Reputation: 1186Reputation: 1186Reputation: 1186Reputation: 1186
Haven't the KPTI patches been backported to the 4.4.x and 4.9.x longterm branches?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
problem: MIDI sound heard on wrong playback device opc Linux - Software 5 01-21-2009 04:48 AM
Ever heard of Alinux and HOW do you burn a 800mb CD I've never heard of one BiPolarPenguin General 4 12-19-2006 08:56 PM
LXer: Loan Linux Your Larynx - Let Your Voice Be Heard…No, REALLY Heard LXer Syndicated Linux News 0 01-29-2006 11:03 PM
skype problem on FC3 (I hear but I am not being heard) ddaas Linux - Software 6 11-25-2005 01:58 AM
Another sound card problem, that you have probably heard before! jay2901 Linux - Hardware 1 08-04-2004 08:08 AM

LinuxQuestions.org > Forums > Non-*NIX Forums > General

All times are GMT -5. The time now is 01:09 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration