Slashdot Mirror


OpenBSD Chief De Raadt Says No Easy Fix For New Intel CPU Bug 'TLBleed' (itwire.com)

Recompiling is unlikely to be a catch-all solution for a recently unveiled Intel CPU vulnerability known as TLBleed, the details of which were leaked on Friday, the head of the OpenBSD project Theo de Raadt says. iTWire reports: The details of TLBleed, which gets its name from the fact that the flaw targets the translation lookaside buffer, a CPU cache, were leaked to the British tech site, The Register; the side-channel vulnerability can be theoretically exploited to extract encryption keys and private information from programs. Former NSA hacker Jake Williams said on Twitter that a fix would probably need changes to the core operating system and was likely to involve "a ton of work to mitigate (mostly app recompile)." But de Raadt was not so sanguine. "There are people saying you can change the kernel's process scheduler," he told iTWire on Monday. "(It's) not so easy."

He said that Williams was lacking all the details and not thinking it through. "They actually have sufficient detail to think it through: the article says the TLB is shared between hyperthreading CPUs, and it is unsafe to share between two different contexts. Basically you can measure evictions against your own mappings, which indicates the other process is touching memory (you can determine the aliasing factors)."
De Raadt said he was still not prepared to say more, saying: "Please wait for the paper [which is due in August]."

7 of 123 comments

  1. Illusion of separation in VM by sinij · · Score: 4, Insightful

    If not this one, maybe the next bug of this kind will finally put illusion of VM separation to rest. If you are running something in the cloud, there is no way to secure it. Start bringing important stuff back in-house, and better use dedicated hardware. Yes, these old-fashioned blade servers were in the access-controlled server room for a reason.

    1. Re:Illusion of separation in VM by Anonymous Coward · · Score: 0, Insightful

      Tell it to Harley Davidson you burrowing sycophant traitor's ass worm iggy.

  2. Special settings by duke_cheetah2003 · · Score: 4, Insightful

    Like Meltdown and Spectre, this 'exploit' requires a lot of things to be 'just right' for an exploit or data leak to occur.

    I'm not saying they're worthless exploits, but again, when I read some of the particulars about the research.. well this popped out:

    The team used AI – specifically, a support vector machine classifier – to identify when a program is executing a sensitive operation, such as a cryptographic function, through the TLB latencies, and read out that app's private data as a stream of bits, allowing them to reconstruct things like crypto keys. There are hurdles to overcome, such as address-space layout randomization – however, the team believes these can be defeated in real-world attacks.

    So I really don't know a lot about AI implementations, but I'm going to take a liberty and say, that's probably computationally expensive to be doing. That they needed an AI to even get anywhere exemplifies how sensitive this exploit truly is. Expecting to deploy an AI in the wild (malware) and have it grabbing stuff from whatever... it's a pretty big stretch from these laboratory conditions to real-world.

    I'm not going to say there's nothing here, but I am going to say: Where's the beef? Cuz it's awfully small with this exploit, there are much easier ways to steal information.

    Lastly, it seems isolated to HyperThreading Intel CPUs, from what I read. Yes, it's a big attack surface, but still.. an exploit working in your special setting doesn't really move me much, especially given how special this particular set of conditions was.

    1. Re:Special settings by 93+Escort+Wagon · · Score: 5, Insightful

      Theo: Worried
      Random Slashdotter: Not so worried

      No offense, but I’ll go with the OpenBSD and LibreSSL guy on security matters.

      --
      #DeleteChrome
    2. Re:Special settings by DarkOx · · Score: 3, Insightful

      You have to consider the scope though - Both Random Slashdotter's lack of concern and Theo's worry are justified in my opinion.

      Theo: is developing an operating system that is supposed to be essentially the most secure choice. He has a user base that will be deploying it on high value targets. High enough value that a state actor or other well-funded, well-connected group might take interest. Such groups would be capable and willing to develop situationally specific malware + exploit code. If I was using BSD/Intel to run my uranium enrichment process - I'd worry.

      On the other hand as far as Random Slashdotter goes - He is probably correct that we won't see this as a metasploit module or meterpreter plug-in anytime soon. It's debatable as to if these exploits could be used in the 'wild' without being highly customized for the target by people who have advanced math/comp sci degrees. In other words even if your bitcoin wallet stored on that VPS is worth a few hundred thousand, it's likely impractical to go after you in this way. So being somewhat dismissive about these attacks as an individual is justified as well.

      --
      Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
  3. The problem is the douchebag humans by presidenteloco · · Score: 1, Insightful

    who waste their life coming up with ways to fuck up other people's day by hacking their computer.

    Pondscum basically. Or pathogenic bacteria. Take your pick. But such is life I guess.

    --

    Where are we going and why are we in a handbasket?
  4. Hm by skovnymfe · · Score: 3, Insightful

    Am I to understand that every single performance enhancement made by Intel in the last 20 (?) years is flawed and prone to disaster-bugs?