backtop


Print 93 comment(s) - last by kalak.. on Aug 8 at 2:42 PM


Developers told not to panic over new Intel Core 2 Duo steppings

OpenBSD founder Theo de Raadt publicly denounced Intel’s Core 2 processors on the OpenBSD mailing list. Raadt cited 38 pages of processor errata from Intel’s published CPU specifications (PDF).

“These processors are buggy as hell, and some of these bugs don’t just cause development/debugging problems, but will *ASSUREDLY* be exploitable from userland code," Raadt said. "Some of these are things that cannot be fixed in running code, and some are things that every operating system will do until about mid-2008, because that is how the MMU has always been managed on all generations of Intel/AMD/whoeverelse hardware."

Linux coordinator and former Transmeta employee Linus Torvalds, thought otherwise and considers these bugs “totally insignificant.”

Processor errata is nothing new, Torvalds said. Commodity CPUs such as chips based on the Intel Core 2 architecture have a considerably lower bug rate than proprietary boutique CPUs.

“Yeah, x86 errata get more attention," said Torvalds. "But those things are pretty damn well tested. Better than most.”

The errata document specifically mentions the Core 2 Duo E4000, E6000, and X6800 series processors. None of the errata are nearly as insidious or widespread as more infamous problems, like the original Pentium floating-point bug, although some can lead to buffer overflow exploits, claims de Raalt. All of the current errata have patches in the works or can be — and have been — worked around by developers.

In a statement from Intel Global Communications, Nick Knuppfer writes:

“Months ago, we addressed a processor issue by providing a BIOS update for our customers that in no way affects system performance. We publicly documented this as an erratum in April. All processors from all companies have errata, and Intel has a well-known errata communication process to inform our customers and the public. Keep in mind the probability of encountering this issue is extremely low."

“Specification Updates for the affected processors are available at http://developer.intel.com. All errata are thoroughly investigated for issues and vulnerabilities, should they have any we fix them, usually through a microcode update.”


Comments     Threshold


This article is over a month old, voting and posting comments is disabled

RE: Processor bugs are nothing new
By Fritzr on 7/4/2007 11:15:02 PM , Rating: 2
quote:
and a community behind that make hundreds of useful extensions..


This is a proven security risk with several holes reported & fixed ... of course the others...

I use Opera...also buggy just as IE & FireFox are. In general they share the same major flaws that arise from the nature of the code they are designed to correctly parse. In addition each of the three and the other less well known browsers have programmer errors & design features/errors that introduce additional security holes.

IE is distributed with all Windows installs & is ported to other OSes ... so it has the largest number of target systems available for attack.

FireFox is heavily marketed as an IE alternative. As a result it is highly visible and the number of installed copies in use is growing fast. This makes it an attractive secondary target.

I use Opera as it is less visible than the other 2, does all that I need and some of the nice features either appeared here first or at the very least I became aware of them here first. There are things that still stop Opera, so I keep FireFox & IE installed and even use them a few times a year.

This does not eliminate risk, but by going with the least visible browser that does what I need, I minimize the number of folks using me for target practice :P

I tend to agree with Linus on the original issue. As long as bugfixes are avalable below the OS level the risk is minimal due to more lucrative targets being available.

Of course putting the spotlight on the possibilty of micro-code reprogramming will challenge the oldtimers who do it for the challenge :P


"We are going to continue to work with them to make sure they understand the reality of the Internet.  A lot of these people don't have Ph.Ds, and they don't have a degree in computer science." -- RIM co-CEO Michael Lazaridis











botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki