Intel bug security


#1

What about the Intel security bug? Is it really important for a non-multiuser OS?


Haiku and Spectre/Meltdown
#2

Yes, Haiku is likely affected by the problem. An interesting writeup about it here: https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/

We use a layout similar to Linux for this, with kernel space from 0 to 7FFFFFFF and user space from 80000000 to FFFFFFFF (addresses are different on 64-bit systems but the idea is the same).

Fixing this would be a major rework of how things work at a rather low level. The kernel should be completely unmapped when running userland code, and mapped again whenever there is a system call.

So yes, we should fix this.

However, there are probably many other, and much simpler, attacks affecting Haiku. Since all applications are running as the root user, they could compromise the system in many ways, without even needing to get access to the kernel. And, there are known issues in the API design that make it hard to secure anything (for example, you can open a file by its node id, which makes it impossible to honor file permissions on the file and its parent directories, and allows escaping chroots). So, even if we fix this, Haiku will still be as insecure for many other reasons.


#3

I am really against losing 30% of my power xD


#4

I think it’s probably low on the list of worries. Aside from all the other vulnerabilities that Haiku has, constructing a hack to use this hole would take effort. Malefactors are going to expend that where they see a worthwhile target. When Haiku starts being used by the NSA or banks, then we worry! :)


#5

Wait a minute … if you are going to fix registers, and one of the problems with Wine working on Haiku is the same register range, then when you fix the Intel flaw, you could do so in a way that helps Wine to work. You could solve 2 problems at once.


#6
Intel Core, 6th, 7th and 8th generation.
Intel Xeon E3-1200 v5 and v6.
Intel Xeon Scalable.
Intel Xeon W.
Intel Atom C3000
Intel Atom E3900
Intel Pentium on the Apollo Lake platform.
Intel Celeron N and J.

List of affected processors. Mmmm, I am not on the list, and Lenovo is already patching … wow.


#7

What is the source of this list? Intel? Lenovo? Other?

Assuming that this list is correct, this would mean that a system running on a 5th Generation, or earlier, Intel Core would be “safe” from this security flaw. For Windows 7 users, it is good that this flaw has been discovered before it reaches its end-of-life (April 2019) as their systems will receive the patch if running on a 6th Generation, or later, Intel Core.

It should be noted that the issue is not limited to only Intel CPUs. From what is starting to be understood, the flaw potentially exists in any CPU in which speculative execution has been implemented to improve performance.

With respect to differences in performance between Core Generations, the following article, comparing i7 based systems from the 2nd and 8th Generations in a gaming context is quite interesting:
( https://www.techspot.com/review/1546-intel-2nd-gen-core-i7-vs-8th-gen/ ).


#8

Be careful, as there are two distinct problems.

First there is the “spectre” attack. The idea here is that you can use timing to detect whether some data is in the L1 cache or not, without actually accessing such data (so you can do it even when you don’t have access to the data). This can be used both inside a process (for example JavaScript code in a webpage could access Firefox passwords), and with a tweak, between two different processes. This can affect all CPUs, no matter the instruction set or internal design. However, the attack needs to be specifically crafted for each application, and the fixes are also application-specific (ASLR helps, and there will probably be other similar counter-measures).

Then, in addition to that there is the “meltdown” attack. This uses largely the same idea, but because of an additional problem in Intel (and, so far, only Intel) CPUs, it can also be used from a userland application to directly access kernel data. This is the one that led to that large patch in Linux to unmap the kernel memory completely (not just read/write protect it) when userland code is running (which is a little costly - but newer Intel CPUs already provide a faster way to do this).

And yes, if we were to fix this we would probably implement a “4G/4G split” for 32-bit Haiku. Since the kernel and userland memory do not need to live side by side in memory anymore, we could as well have each of them allowed to use the full address space, which could help with porting Wine and would also allow apps to use more than 2GB of memory, a limitation we sometimes hit (for example if you open a lot of big/complex pages in Web+).
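
A toy model of the page-table layouts discussed in posts #2 and #8, added here as an illustration; it is not part of any post and not Haiku or Linux code. The function names and the simplification of Meltdown to "a supervisor-only page mapped in the user-mode table is reachable" are assumptions of the example.

```python
# Toy model, constructed for illustration; not Haiku or Linux kernel code.
# Addresses follow the 32-bit layout quoted in post #2.
from dataclasses import dataclass

FOUR_GIB = 0x1_0000_0000
KERNEL = range(0x0000_0000, 0x8000_0000)
USER = range(0x8000_0000, FOUR_GIB)

@dataclass(frozen=True)
class Mapping:
    region: range
    supervisor_only: bool  # page-table permission bit

def shared_tables():
    """One page table for both modes: kernel mapped, but supervisor-only."""
    table = [Mapping(KERNEL, True), Mapping(USER, False)]
    return {"user": table, "kernel": table}

def isolated_tables():
    """Kernel unmapped while userland runs, mapped again on a system call.
    (Real implementations keep a small entry stub mapped; omitted here.)"""
    return {"user": [Mapping(USER, False)],
            "kernel": [Mapping(KERNEL, True), Mapping(USER, False)]}

def split_4g4g_tables():
    """4G/4G split: each side gets the whole 32-bit range in its own table."""
    full = range(0, FOUR_GIB)
    return {"user": [Mapping(full, False)], "kernel": [Mapping(full, True)]}

def lookup(tables, mode, addr):
    return next((m for m in tables[mode] if addr in m.region), None)

def architectural_read(tables, mode, addr):
    """What the instruction set promises: the permission bit is enforced."""
    m = lookup(tables, mode, addr)
    return m is not None and (mode == "kernel" or not m.supervisor_only)

def leaks_kernel(tables, addr):
    """Meltdown as modelled here: on an affected CPU, a supervisor-only page
    that is still mapped while userland runs can be read transiently."""
    m = lookup(tables, "user", addr)
    return m is not None and m.supervisor_only

def user_space_bytes(tables):
    """Address space available to an application under a given layout."""
    return sum(len(m.region) for m in tables["user"] if not m.supervisor_only)
```

In this model the shared layout passes the architectural check yet still exposes kernel pages, while both the isolated layout and the 4G/4G split remove the exposure; only the 4G/4G split also raises the user address space from 2 GiB to 4 GiB.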


Why still a 32 bit version?
#9

Some of the details about the impact of the patches Microsoft did for various CPU/Windows combinations. Unfortunately, qualitative information is provided about the impact on performance:
( https://cloudblogs.microsoft.com/microsoftsecure/2018/01/09/understanding-the-performance-impact-of-spectre-and-meltdown-mitigations-on-windows-systems/ ).

Going further down the links leads to some details about the patches applied: “In general, our experience is that Variant 1 and Variant 3 mitigations have minimal performance impact, while Variant 2 remediation, including OS and microcode, has a performance impact.”

Hopefully, the CPU microcode patch will not impact any future installation of Haiku on the patched systems!


#10

But even if they would not run as root, but as user - I guess it won’t make files of that user safer in any way. Am I correct? And my (as user) biggest thing is to get my photos and bank account safe, cracking of other parts of the OS isn’t worse from my perspective.


#11

Exactly.


#12

Can it be a good idea to have “safe places” for security topics without being multiuser?


#13

https://linux.slashdot.org/story/18/01/22/0648227/linus-torvalds-calls-intel-patches-complete-and-utter-garbage Latest opinions about Intel patches.


#15

Interesting you say this, because this is EXACTLY what I have been saying for awhile, concerning making Haiku 100% secure. The problem is, no one is interested in “going back to the beginning”, to actually accomplish this. Yet, is security not of paramount importance in this day and age of viruses, spyware, trojans, worms, ransomware, and malware/exploits of other types?

What would it be like to create an OS environment, where you didn’t have to rely on simple obscurity (nobody cares about attacking Haiku, because it’s not important or well known enough) to protect against such threats, but you could DARE people to try and attack your system and watch as they fail, time and time again? To do what no other OS made today actually does or can do?

But it would require a total rewrite of how Haiku interacts with the user and applications and the outside world (and no… that doesn’t mean being disconnected from the internet, as someone once said). And no one is willing to do that because their precious “freedom” to do whatever they like in their system trumps never having to worry about what someone ELSE might want to do with their data.

If “freedom” equals data insecurity… is your data worth less than your freedom to do whatever on your computer? My data is a part of me. Destroy my computer… I couldn’t care less. I can always build/buy a new one. But damage/erase my data and I’ve lost everything!

Backing up your data is always a good thing (I think I have too MANY copies of various data of mine across several thumb drives), but what about data of yours falling into the wrong hands? Passwords… personal information… files. Once is all they need… and they’ll have it forever. 50 million backup copies won’t do you any good then. Preventing the theft, in the first place, is what was needed. Is even a 1% chance of that type of compromise acceptable? Not in my book… because, sooner or later, it WILL happen. It’s just a matter of time and chance… or opportunity and motivation.


#16

No one follows you because:

  1. you still did not say anything more than “let’s rewrite it from scratch” with no explanation of what would change
  2. it would not be Haiku. Call it LuposianOS, and run a kickstarter to hire devs if you want it to happen. Please do not hijack an existing project, especially if the core of your idea is “this code you worked on for the last 18 years? I don’t need it.”