Re: Intel Pentium Bug

John Pettitt (jpp@CYBERSOURCE.COM)
Fri, 07 Nov 1997 20:04:07 -0800

Interesting indeed, trashing the microcode would be somewhat lame, adding a
"give kernel mode now" instruction - that would be art :-)

Side note: I'm told one of the early micros (6800????) had a "stop and catch
fire" instruction. An invalid opcode that locked the CPU with all the
internal bus drivers on, causing the chip to burn itself out!

-----Original Message-----
From: Eric Allman <eric@SENDMAIL.ORG>
To: BUGTRAQ@NETSPACE.ORG <BUGTRAQ@NETSPACE.ORG>
Date: Friday, November 07, 1997 6:29 PM
Subject: Re: Intel Pentium Bug

>This scenario does assume that the instruction sequence that updates
>the microcode is accessible when the processor is in user mode. Of
>course, it does make an attack that lets you run in kernel mode
>rather more interesting....
>
>eric
>
>
>============= In Reply To: ===========================================
>: From: Aleph One <aleph1@DFW.NET>
>: Subject: Re: Intel Pentium Bug
>: Date: Fri, 7 Nov 1997 19:49:28 -0600
>
>: On Fri, 7 Nov 1997, George Imburgia wrote:
>:
>: > Intel recently acknowledged that they enabled the ability to update
>: > microcode on Pentium chips several years ago. That's right folks, they put
>: > a backdoor in your hardware. The good news is, it could be used to fix
>: > this bug, should Intel be so inclined.
>: >
>: > AMD's microcode is updateable too. No clue about cyrix.
>:
>: This is something I discussed with a friend about two years ago.
>: Imagine if you will someone with information on how to download new
>: microcode to the CPU. This person has the ability to write a
>: virus/trojan/activex/program that can now completely disable your CPU
>: in such a way that it would need to be taken out to reinitialize.
>: If they fully disable the CPU the end user would probably replace every
>: single component of the computer before the CPU. This would cost thousands
>: of hours of lost work and man power.
>:
>: Far worse, it could introduce subtle random flaws in for example the login
>: or arithmetic processing. How many industries would be affected if hit?
>: Or what about microcode backdoors that add your own instructions to
>: bypass memory protection? You could write your own program to modify
>: your process structure to become owned by root. The possibilities are
>: endless.
>:
>: If Intel were to provide a program to update the microcode on the CPU
>: it would most probably be disassembled and reverse engineered quickly.
>: What's a multi-billion company to do?
>:
>: > George Imburgia, Network Specialist Phone: (302)739-4068
>: > Delaware Technical & Community College Fax: (302 739-3345
>: > Office of the President e-mail: gti@hopi.dtcc.edu
>:
>: Aleph One / aleph1@dfw.net
>: http://underground.org/
>: KeyID 1024/948FD6B5
>: Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01
>