HyperThreading begining of the end!

[Guest]

Archived from groups: comp.sys.ibm.pc.hardware.chips (More info?)

As most people know by now Hyperthreading, has a security flaw found by
researchers working with the BSD projects.

http://www.daemonology.net/hyperthreading-considered-harmful/

Another good article can be found here:

http://www.eweek.com/article2/0,1759,1815954,00.asp

After reading the eweek article, it seems that a few people are miffed
at this discovery, one even suggests it might be easier to just take
the machine. Another one suggest that it would best be solved in a
software update, and for now to just turn off HyperThreading.

We know that Intel is moving away from Netburst, and that for the most
part HyperThreading will not be a factor in dual core chips. It only
seems to affect the current lines based on Netburst designs.

I think this will hurry up the demise of HyperThreading, as I really
don't see a big push for software makers like MS to push out an update.
I could see Intel pushing dual core as on option, but wait they have
not released dual core for servers. Since servers will be the most
likely to be affected, I see this as a another AMD win, reason for
switching to dual core AMD chips.

Rthoreau

 

[Guest]

Archived from groups: comp.sys.ibm.pc.hardware.chips (More info?)

On 14 May 2005 09:42:42 -0700, "Rthoreau" <rthoreau@iwon.com> wrote:

>As most people know by now Hyperthreading, has a security flaw found by
>researchers working with the BSD projects.

It's not really so much a security flaw in Hyperthreading itself as it
is a security flaw in the operating systems that can be exploited
through Hyperthreading. It's also a flaw that should be WELL down the
list of security concerns for most people, though obviously no
security concerns can be completely ignored.

>http://www.daemonology.net/hyperthreading-considered-harmful/
>
>Another good article can be found here:
>
>http://www.eweek.com/article2/0,1759,1815954,00.asp
>
>After reading the eweek article, it seems that a few people are miffed
>at this discovery, one even suggests it might be easier to just take
>the machine.

And he's quite right! Exploiting this issue to gain any meaningful
information would be excruciatingly difficult. Actually picking up
the machine and marching out the door with it is probably the easiest
way to get this info, though it tends to be a bit... um... obvious. A
much more important concern is for things like buffer overflows and
more standard methods of gaining increased permissions on a system (as
is noted in these articles, this is not a remote exploit but one that
requires a user already have at least limited-permission access to a
system).

> Another one suggest that it would best be solved in a
>software update, and for now to just turn off HyperThreading.

It can and is being solved with software updates. As a note, it's
theoretically possible that this sort of exploit could be a factor in
some other multithreaded architectures, eg. IBM's Power5. It's not
entirely unlike some other exploits that could theoretically exist for
more standard multiprocessor setups as well as dual-core chip. The
only real difference here is that it

>We know that Intel is moving away from Netburst, and that for the most
>part HyperThreading will not be a factor in dual core chips. It only
>seems to affect the current lines based on Netburst designs.
>
>I think this will hurry up the demise of HyperThreading, as I really
>don't see a big push for software makers like MS to push out an update.

I'd strongly disagree here, this is mostly a non-issue. As mentioned
above, actually gaining any useful information from this would be MUCH
more complicated than with any of the multitude of existing security
flaws, particularly considering it requires that the user already have
access to the system.

As for software updates, at least one BSD has already updated their
code and others will work on it. Since this is such a low-priority
threat it might take some time for others to release updates, but they
will happen eventually.

In any case, the real issue here is more just that this is a new style
of exploit we don't see much of, that is why it's getting some press.
There are thousands upon thousands of other known exploits that would
be much easier for a malicious user to implement. But buffer overflow
exploits are boring these days, we've all seen too many of them to
really care much about.

-------------
Tony Hill
hilla <underscore> 20 <at> yahoo <dot> ca

 

[Guest]

Archived from groups: comp.sys.ibm.pc.hardware.chips (More info?)

Using a finger dipped in purple ink, "Rthoreau" <rthoreau@iwon.com> scribed:

>I think this will hurry up the demise of HyperThreading,

What would POSSIBLY lead you to THAT conclusion??

This apparently only affects multi-user Linux systems.

Do you REALLY think Intel will STOP using Hyper-Threading because of
a Linux problem, and a SMALL one at that??





--

The truth is out there,

but it's not interesting enough for most people.

 

[keith]

Archived from groups: comp.sys.ibm.pc.hardware.chips (More info?)

On Sat, 14 May 2005 16:34:00 -0400, Tony Hill wrote:

> On 14 May 2005 09:42:42 -0700, "Rthoreau" <rthoreau@iwon.com> wrote:
>
>>As most people know by now Hyperthreading, has a security flaw found by
>>researchers working with the BSD projects.
>
> It's not really so much a security flaw in Hyperthreading itself as it
> is a security flaw in the operating systems that can be exploited
> through Hyperthreading. It's also a flaw that should be WELL down the
> list of security concerns for most people, though obviously no
> security concerns can be completely ignored.

"WELL down the list of security concerns for most people" would include
anyone using _any_ sort of Windows.

--
Keith

 

[Guest]

Archived from groups: comp.sys.ibm.pc.hardware.chips (More info?)

Never anonymous Bud wrote:
> Using a finger dipped in purple ink, "Rthoreau" <rthoreau@iwon.com> scribed:
>
>
>>I think this will hurry up the demise of HyperThreading,
>
>
> What would POSSIBLY lead you to THAT conclusion??
>
> This apparently only affects multi-user Linux systems.
>
> Do you REALLY think Intel will STOP using Hyper-Threading because of
> a Linux problem, and a SMALL one at that??

What lead you to believe this only affects multiuser linux systems? It
affects any OS that can turn the Hyperthreading on. It was just
discovered by somebody who was working on a multiuser BSD system.

Yousuf Khan

 

[Guest]

Archived from groups: comp.sys.ibm.pc.hardware.chips (More info?)

Using a finger dipped in purple ink, "Rthoreau" <rthoreau@iwon.com> scribed:

>I think this will hurt sales of any Netburst based system,

Just WHY would a MINOR software problem (easily fixed)
that exploits Hyper-Threading, have any effect on NetBurst??





--

The truth is out there,

but it's not interesting enough for most people.