Re: Pentium bug: unbelievable behavior

[joost@rulcmc.leidenuniv.nl (joost witteveen)]

> The page
> http://support.intel.com/support/processors/pentium/ppiie/software.htm
> contains comments from the main OS vendors on what they have done to
> solve the problem.
> 
> I can't beleive there are OS vendors like Sun, Novell, Microsoft, etc
> that say that they are not affected by the bug because they require
> user authentication to be able to run programs in the OS's, or that
> they haven't heard of problems from their customers. Gosh!!! This is
> unbelievable!!!

Why? I don't see anything strange/stupid in Microsoft's responce on
the page you mention: On Win3.11/95, as far as I know, there isn't
much difference between what we call "user" and "root", so any
user can already lock the machine solid. That there is another
5-byte opcode that also does it, is rather irrelevant for Win3.11.

And SunSoft's responce is quite "commercially right" too. Play
down the importance of the problem as long as you can (i.e., until
you have a patch). Anyway, I don't think there are too many people
running SlowLaris on x86 machines, so the problem isn't that big for
SunSoft.

Oh, and I don't know enough about Novel's network operating 
system NetWare/IntranetWare. If it's only a "nework system", that
doesn't allow execution of random bits of code, then what they
say is true. Same holds for a Linux-2.0.31 Samba/NFS fileserver,
you cannot crash that with the f00f bug either.

-- 
joost witteveen, joostje@debian.org

Potentially offensive files, part 5: /dev/random.
`head -c 4 /dev/random` may print 4-letter words (once every approx 4e8 tries).


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .