LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 01-13-2018, 03:56 AM   #1
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 8,156
Blog Entries: 5

Rep: Reputation: 1950Reputation: 1950Reputation: 1950Reputation: 1950Reputation: 1950Reputation: 1950Reputation: 1950Reputation: 1950Reputation: 1950Reputation: 1950Reputation: 1950
Meltdown Kernel Fix for 32 bit Architectures?


Is there some definite information on this?
maybe somebody working on a fix?
or at least some kernel dev mentioned that this is an issue that should be addressed?

i spent a half hour searching the web for references to meltdown, its fix for linux, and 32 bit architecture.
there's very little hard info, and not much opinion either.
here's what i think is the situation:
  • meltdown affects all intel cpus since 1995 - that must include 32 bit architecture => 32bit computers are vulnerable.
  • the kernel fix applies to 64bit architectures only.
  • it is unclear whether a (different) fix for 32bit is possible, whether someone's working on it or even considering it a priority.
  • in addition to the kernel mentioned (*), i tried Linux 4.9.0-0.bpo.5-686-pae #1 SMP Debian 4.9.65-3+deb9u2~bpo8+1 (2017-01-05) i686 & reran the spectre-meltdown-checker, with identical results: all 3 vulnerabilities are not fixed.

links:
https://security-tracker.debian.org/.../CVE-2017-5754
https://github.com/speed47/spectre-m...cker/issues/58
https://www.neowin.net/news/ubuntu-w...by-january-9th
https://security.stackexchange.com/q...inux-platforms

of course all this still doesn't address the Spectre Vulnerability...

(*) that would be the latest security update to debian jessie's mainline kernel: 3.16.51-3+deb8u1
 
Old 01-13-2018, 04:35 AM   #2
clavisound
LQ Newbie
 
Registered: Apr 2011
Posts: 14

Rep: Reputation: 1
To the positive side(s).

1. I have not managed to compile a meltdown example in 32-bit.
2. 32-bit must be rare now in desktop?*
3. No problem if you run trusted code or in "secure" server.
4. The official example (proof of concept) that I managed to run it was really slow. After 30 minutes it sucks cpu and nothing malicious found. So if you just check / control your CPU usage will able to understand the malicious attempt.

* In reality the problem with meltdown is with browsing with javascript (or maybe with java in browser?) enabled I don't think many people browsing with 32bit. The second problem is with malicious code (local exploit, not remote but check No4 above).

Last edited by clavisound; 01-13-2018 at 04:39 AM.
 
Old 01-13-2018, 07:04 AM   #3
ninaholic
LQ Newbie
 
Registered: Apr 2016
Posts: 2

Rep: Reputation: Disabled
From what I heard Meltdown is a x86_64 problem. This is what Gentoo wiki says:

Quote:
Currently, the KPTI patch-set is only available for 64-bit Gentoo operating systems. Some 32-bit operating systems (for example if you are using 4gb/4gb memory split) are immune because they use separate memory maps for kernel and userspace.
https://wiki.gentoo.org/wiki/Project...tre#Resolution

Not sure who made the 1995 claim but I think it was just premature rumour like Bill Gates 640K quote.
 
2 members found this post helpful.
Old 01-13-2018, 05:56 PM   #4
clavisound
LQ Newbie
 
Registered: Apr 2011
Posts: 14

Rep: Reputation: 1
Thnx ninaholic

The 1995 claim is from google
Quote:
Originally Posted by https://meltdownattack.com/
More technically, every Intel processor which implements out-of-order execution is potentially affected, which is effectively every processor since 1995 (except Intel Itanium and Intel Atom before 2013). We successfully tested Meltdown on Intel processor generations released as early as 2011.
 
Old 01-14-2018, 03:33 AM   #5
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 8,156
Blog Entries: 5

Original Poster
Rep: Reputation: 1950Reputation: 1950Reputation: 1950Reputation: 1950Reputation: 1950Reputation: 1950Reputation: 1950Reputation: 1950Reputation: 1950Reputation: 1950Reputation: 1950
Quote:
Originally Posted by clavisound View Post
2. 32-bit must be rare now in desktop?*

* In reality the problem with meltdown is with browsing with javascript (or maybe with java in browser?) enabled I don't think many people browsing with 32bit. The second problem is with malicious code (local exploit, not remote but check No4 above).
this is not a desktop, but you have addressed an important point that will keep me from hyperventilating.

Quote:
No problem if you run trusted code or in "secure" server.
would you care to expand just very quickly what you mean by ""secure" server" in this context?

Quote:
the official example (proof of concept) that I managed to run it was really slow. After 30 minutes it sucks cpu and nothing malicious found. So if you just check / control your CPU usage will able to understand the malicious attempt.
on a 32bit machine?
cool, thanks for sharing that.


Quote:
Originally Posted by ninaholic View Post
This is what Gentoo wiki says:
"Some 32-bit operating systems (for example if you are using 4gb/4gb memory split) are immune because they use separate memory maps for kernel and userspace."
relevant part highlighted.



i have also been searching for articles about meltdown & server; it would seem that virtualisation is the crucial point here, and if you're running a simple physical server without any of that, it's "less dangerous"?

Last edited by ondoho; 01-14-2018 at 03:38 AM.
 
Old 01-14-2018, 03:38 AM   #6
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 8,156
Blog Entries: 5

Original Poster
Rep: Reputation: 1950Reputation: 1950Reputation: 1950Reputation: 1950Reputation: 1950Reputation: 1950Reputation: 1950Reputation: 1950Reputation: 1950Reputation: 1950Reputation: 1950
on fdn, a reply from some kernel coder came in:
Quote:
> Hi,
> I'm writing to you because I noticed your involement with the KPTI/KAISER
> patches. Across several varieties of linux distributions, users have
> noticed that kpti is impossible to enable because it depends on x86_64.
> Many of us are concerned that we are running 32-bit systems that are
> still vulnerable to meltdown; we are also concerned because it's a
> handful of users who have brought this to light, and major news and
> information from our distros are keeping silent on the topic. We are all
> wondering if you could shed some light: in particular, is x86 vulnerable?


Yes, 32bit is vulnerable. We haven't yet had time to look into that as the
vast majority of systems, especially the most endangered cloud stuff, runs
64bit. We know about it and the 32bit mitigation has been under discussion
already, but I can't tell at the moment when we are going to have that.

Sorry that I can't tell you better news.

Thanks,

Thomas
PS:
and a big THANK YOU to the unsung heroes that are working hard to pach this up!
especially to this one, who found the time to answer a question!

Last edited by ondoho; 01-14-2018 at 04:20 AM.
 
Old 01-15-2018, 10:52 AM   #7
clavisound
LQ Newbie
 
Registered: Apr 2011
Posts: 14

Rep: Reputation: 1
@ondoho thanx.

To my undestanding a bare metal server is not in danger compared to desktop.

BIG DISCLAIMER: I repeat that meltdown is local exploit. The big fail (of course) is that in case of another successful remote exploit, the attacker will gain local access and can attack the machine with the meltdown. So in desktop, the attacker does not need local access. It has local access with javascript or with Java in your browser. Unless you are browsing with your server

So the epic fail is in VM, since if you have a server in VPS you (or others) already have local access to the same machine and you (they) can use the meltdown exploit. Since the panic and the EPIC fail.

"secure" server (to my definition) is a server with extra software (SElinux) or hardware (TPM) on bare metal (not shared). I never used those technologies, I don't feel the need to do. I suppose you are safer with those technologies since you can control the software (binaries) that run on your (bare metal) machine.

I don't afraid the local exploits, but the remotes. I believe you can relax and just update your servers to defend from remote exploits :-)

The pof code that I tested was slow on 64-bit (2007) cpu and more slow on 32-bit (2004) cpu. Strangely the temp was not escalated, but only the cpu usage. It failed on both cpus. According to Intel both cpu's are safe!?, so I am confused about the situation after your last quote.
 
Old 01-16-2018, 01:13 AM   #8
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 8,156
Blog Entries: 5

Original Poster
Rep: Reputation: 1950Reputation: 1950Reputation: 1950Reputation: 1950Reputation: 1950Reputation: 1950Reputation: 1950Reputation: 1950Reputation: 1950Reputation: 1950Reputation: 1950
thanks clavisound for writing it out clearly.
i had meanwhile arrived at the same conclusions and stopped hyperventilating.

again, it is proven that a server shouldn't have a gui, and other venerable general practice advice goes a long way.

Quote:
Originally Posted by clavisound View Post
So the epic fail is in VM, since if you have a server in VPS you (or others) already have local access to the same machine and you (they) can use the meltdown exploit. Since the panic and the EPIC fail.
just putting another stress on this.
all you remote server users, is your hosting provider's hardware affected?


Quote:
The pof code that I tested was slow on 64-bit (2007) cpu and more slow on 32-bit (2004) cpu. Strangely the temp was not escalated, but only the cpu usage. It failed on both cpus. According to Intel both cpu's are safe!?, so I am confused about the situation after your last quote.
doesn't that article list the CPUs affected?
and note, it lists whole "Families" and "Series"...
 
Old 01-17-2018, 11:04 AM   #9
clavisound
LQ Newbie
 
Registered: Apr 2011
Posts: 14

Rep: Reputation: 1
Quote:
Originally Posted by ondoho View Post
all you remote server users, is your hosting provider's hardware affected?
I don't get the question (sorry, my english are far from good).

Yes, the list is about the affected cpu's. Those I tested are not in affected list (series / family as you wrote), or maybe they are just abandoned / not checked by Intel because they are too old! I don't know!

The 64-bit cpu is 1st gen core duo and the 32-bit is in reality the mobile version of pentium-III processor. Both are immune to the pof as tested by me, according to Intel (and according to Gentoo?), but according to your source and to Google are affected.

Probably to early to have conclusions.

Last edited by clavisound; 01-17-2018 at 11:06 AM.
 
Old 01-17-2018, 07:18 PM   #10
Trihexagonal
Member
 
Registered: Jul 2017
Location: Land of 1000 Nights
Distribution: FreeBSD, OpenBSD and Solaris
Posts: 155

Rep: Reputation: 97
I've ran the update command on one of my 64bit FreeBSD boxen with the expected results since the fix has not been implemented as of yet:

Code:
# service microcode_update start
Updating CPU Microcode...
Please update your system in order to update CPU microcode.
Done.
# grep micro /var/log/messages
#
I tried it on my 32bit FreeBSD machine with no results whatsoever.
 
Old 01-18-2018, 01:02 AM   #11
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 8,156
Blog Entries: 5

Original Poster
Rep: Reputation: 1950Reputation: 1950Reputation: 1950Reputation: 1950Reputation: 1950Reputation: 1950Reputation: 1950Reputation: 1950Reputation: 1950Reputation: 1950Reputation: 1950
Quote:
Originally Posted by ondoho View Post
all you remote server users, is your hosting provider's hardware affected?
Quote:
Originally Posted by clavisound View Post
I don't get the question (sorry, my english are far from good).
i mean that anyone who rents virtual server space should be concerned about the hardware & host system his/her provider uses.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Major Linux distros have Meltdown patches, but thats only part of the fix LXer Syndicated Linux News 0 01-12-2018 07:00 AM
LXer: Major Linux distros have Meltdown patches, but thats only part of the fix LXer Syndicated Linux News 0 01-11-2018 04:10 PM
LXer: Ubuntu 17.04 Zesty Zapus to Drop Support for 32-bit PowerPC (PPC) Architectures LXer Syndicated Linux News 0 12-23-2016 01:54 AM
LXer: CentOS 7 Linux Is Now Available for Download for 32-bit (i686) Architectures LXer Syndicated Linux News 0 06-04-2015 11:54 PM
Slackware for 64 bit architectures JKoder Slackware 15 08-28-2007 04:30 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 03:19 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration