Página principal de PROFESIONALESPCM.ORG Página principal de PROFESIONALESPCM.ORG Afíliate el Partido Comunista de España

Secciones: Software y Conocimiento Libre -  Ciencia

Título: Identificado un grave problema de seguridad en los procesadores Intel- Enlace 1 - Enlace 2 - Enlace 3 - Enlace 4

Texto del artículo:

¿Serán agujeros de seguridad a propósitos para espiarnos, será una estrategia de marketing para vendernos procesadores nuevos, o simplemente un error detectado 10 años después?. Una vez más, los usuarios de GNU/Linux lo tendremos más fácil para recibir actualizaciones y parches rápidamente desarrollados por los programadores del Kernel de GNU/Linux que los usuarios de Apple o Microsoft que tengan que esperar por las actualizaciones opacas....


Aquí se revela importancia del proyecto GNU/Hard, para conseguir un sistema no sólo con software libre, si no también con hardware libre:


Hardware Database ›
Respects Your Freedom hardware product certification
https://www.fsf.org/resources/hw/endorsement/respects-your-freedom


Debajo el contenido de las Noticias tomadas de El Pais, The Register y The Linux Kernel.:




Identificado un grave problema de seguridad en los procesadores Intel
Un error de diseño afecta a los dispositivos de la última década y la solución obliga a ralentizarlos


Un grave fallo de diseño en los procesadores Intel fabricados en la última década afecta a la seguridad de los equipos que gobiernan, según ha destapado The Register. Según este medio, este error permitiría que los hackers o cualquier otro programa tuvieran acceso al kernel, el conocido corazón del sistema en el que se almacenan datos sensibles del usuario, como las contraseñas y coordenadas de acceso a cuentas. Se trata de un problema de gran impacto entre los usuarios, dada la gran presencia del fabricante en el mercado. La solución obliga a parchear los equipos, lo que puede ralentizarlos.

La solución al fallo detectado obliga a parchear los equipos

Intel ha reconocido la existencia de este bug mediante una nota de prensa, aunque minimiza su impacto en los ordenadores y sugiere que no sería el único fabricante en el mercado afectado. El fabricante ha sido contundente al calificar como “imprecisas” las acusaciones vertidas, y ha explicado que está trabajando con otras marcas del mercado para proporcionar una solución global al exploit. El gigante ha comenzado ya a trabajar, dice, con las plataformas para distribuir parches que solucionarían el problema, y contrariamente a lo que inicialmente se había sugerido, esta solución no ralentizará en absoluto los sistemas, asegura.

Todo indica que el remedio a este fallo no podrá llegar de la mano de una mera actualización del firmware de la CPU (como suele ser habitual en estos casos), sino que el usuario de un chip de estas características podría verse abocado a adquirir un ordenador con otro tipo de procesador o a confiar en plataformas que trabajan ya en un rediseño de sus sistemas operativos para parchear el incidente.

Microsoft y Apple trabajan de manera urgente en una reprogramación de sus sistemas

Este bug afecta de manera indiscriminada a todas las plataformas y según informa The Register, tanto Microsoft como Apple trabajan de manera urgente en una reprogramación de sus sistemas para aislar el kernel de cualquier acceso no deseado. Los de Redmond tienen previsto publicar dicho parche el martes de la semana que viene, según informa este medio, mientras que la firma de Tim Cook aún no ha manifestado su posición al respecto. Aunque Intel lo niega, The Register asegura que la solución obligará a ralentizar de forma notable el rendimiento de los equipos, hasta el punto que este medio tasa en un 30% la reducción de la velocidad de los procesadores. Este freno será notable para los usuarios con equipos que ya estén justos de procesador (conviene recordar que el error de diseño se arrastra desde hace una década).

¿Cómo es posible que se haya descubierto ahora semejante problema de seguridad? Esta pregunta circula ya por la red ante la incredulidad de los usuarios. Fernando Suárez, vicepresidente del Consejo General de Colegios de Ingeniería en Informática, admite que "se trata de un problema grave". "Hay millones de equipos afectados y es una vulnerabilidad pública y, por tanto, conocida por potenciales atacantes", asegura. El informático recomienda "prudencia y tranquilidad porque los parches o actualizaciones que sacarán los diferentes fabricantes solucionarán el problema".

Entre tanto, AMD, el principal rival de Intel y que ya ha confirmado que sus chips no padecen de este error, ha visto sus acciones dispararse en Bolsa a la vista del posible incremento de las ventas de sus procesadores, al menos a falta de que Intel dé una respuesta al incidente.





Kernel-memory-leaking Intel processor design flaw forces Linux, Windows redesign



Performance hits loom, other OSes need fixes








By John Leyden and Chris Williams






325
Reg comments







reddit




Twitter




Facebook




linkedin










Updated A fundamental design flaw in Intel's processor chips has forced a significant redesign of the Linux and Windows kernels to defang the chip-level security bug.


Programmers are scrambling to overhaul the open-source Linux kernel's virtual memory system. Meanwhile, Microsoft is expected to publicly introduce the necessary changes to its Windows operating system in an upcoming Patch Tuesday: these changes were seeded to beta testers running fast-ring Windows Insider builds in November and December.


Crucially, these updates to both Linux and Windows will incur a performance hit on Intel products. The effects are still being benchmarked, however we're looking at a ballpark figure of five to 30 per cent slow down, depending on the task and the processor model. More recent Intel chips have features – such as PCID – to reduce the performance hit. Your mileage may vary.



PostgreSQL SELECT 1 with the KPTI workaround for Intel CPU vulnerability https://t.co/N9gSvML2Fo




Best case: 17% slowdown


Worst case: 23%


— The Register (@TheRegister) January 2, 2018

Similar operating systems, such as Apple's 64-bit macOS, will also need to be updated – the flaw is in the Intel x86-64 hardware, and it appears a microcode update can't address it. It has to be fixed in software at the OS level, or go buy a new processor without the design blunder.


Details of the vulnerability within Intel's silicon are under wraps: an embargo on the specifics is due to lift early this month, perhaps in time for Microsoft's Patch Tuesday next week. Indeed, patches for the Linux kernel are available for all to see but comments in the source code have been redacted to obfuscate the issue.


However, some details of the flaw have surfaced, and so this is what we know.



Impact


It is understood the bug is present in modern Intel processors produced in the past decade. It allows normal user programs – from database applications to JavaScript in web browsers – to discern to some extent the layout or contents of protected kernel memory areas.


The fix is to separate the kernel's memory completely from user processes using what's called Kernel Page Table Isolation, or KPTI. At one point, Forcefully Unmap Complete Kernel With Interrupt Trampolines, aka FUCKWIT, was mulled by the Linux kernel team, giving you an idea of how annoying this has been for the developers.


Whenever a running program needs to do anything useful – such as write to a file or open a network connection – it has to temporarily hand control of the processor to the kernel to carry out the job. To make the transition from user mode to kernel mode and back to user mode as fast and efficient as possible, the kernel is present in all processes' virtual memory address spaces, although it is invisible to these programs. When the kernel is needed, the program makes a system call, the processor switches to kernel mode and enters the kernel. When it is done, the CPU is told to switch back to user mode, and reenter the process. While in user mode, the kernel's code and data remains out of sight but present in the process's page tables.


Think of the kernel as God sitting on a cloud, looking down on Earth. It's there, and no normal being can see it, yet they can pray to it.


These KPTI patches move the kernel into a completely separate address space, so it's not just invisible to a running process, it's not even there at all. Really, this shouldn't be needed, but clearly there is a flaw in Intel's silicon that allows kernel access protections to be bypassed in some way.


The downside to this separation is that it is relatively expensive, time wise, to keep switching between two separate address spaces for every system call and for every interrupt from the hardware. These context switches do not happen instantly, and they force the processor to dump cached data and reload information from memory. This increases the kernel's overhead, and slows down the computer.


Your Intel-powered machine will run slower as a result.



How can this security hole be abused?


At best, the vulnerability could be leveraged by malware and hackers to more easily exploit other security bugs.


At worst, the hole could be abused by programs and logged-in users to read the contents of the kernel's memory. Suffice to say, this is not great. The kernel's memory space is hidden from user processes and programs because it may contain all sorts of secrets, such as passwords, login keys, files cached from disk, and so on. Imagine a piece of JavaScript running in a browser, or malicious software running on a shared public cloud server, able to sniff sensitive kernel-protected data.


Specifically, in terms of the best-case scenario, it is possible the bug could be abused to defeat KASLR: kernel address space layout randomization. This is a defense mechanism used by various operating systems to place components of the kernel in randomized locations in virtual memory. This mechanism can thwart attempts to abuse other bugs within the kernel: typically, exploit code – particularly return-oriented programming exploits – relies on reusing computer instructions in known locations in memory.


If you randomize the placing of the kernel's code in memory, exploits can't find the internal gadgets they need to fully compromise a system. The processor flaw could be potentially exploited to figure out where in memory the kernel has positioned its data and code, hence the flurry of software patching.


However, it may be that the vulnerability in Intel's chips is worse than the above mitigation bypass. In an email to the Linux kernel mailing list over Christmas, AMD said it is not affected. The wording of that message, though, rather gives the game away as to what the underlying cockup is:




AMD processors are not subject to the types of attacks that the kernel page table isolation feature protects against. The AMD microarchitecture does not allow memory references, including speculative references, that access higher privileged data when running in a lesser privileged mode when that access would result in a page fault.



A key word here is "speculative." Modern processors, like Intel's, perform speculative execution. In order to keep their internal pipelines primed with instructions to obey, the CPU cores try their best to guess what code is going to be run next, fetch it, and execute it.


It appears, from what AMD software engineer Tom Lendacky was suggesting above, that Intel's CPUs speculatively execute code potentially without performing security checks. It seems it may be possible to craft software in such a way that the processor starts executing an instruction that would normally be blocked – such as reading kernel memory from user mode – and completes that instruction before the privilege level check occurs.


That would allow ring-3-level user code to read ring-0-level kernel data. And that is not good.


The specifics of the vulnerability have yet to be confirmed, but consider this: the changes to Linux and Windows are significant and are being pushed out at high speed. That suggests it's more serious than a KASLR bypass.


Also, the updates to separate kernel and user address spaces on Linux are based on a set of fixes dubbed the KAISER patches, which were created by eggheads at Graz University of Technology in Austria. These boffins discovered [PDF] it was possible to defeat KASLR by extracting memory layout information from the kernel in a side-channel attack on the CPU's virtual memory system. The team proposed splitting kernel and user spaces to prevent this information leak, and their research sparked this round of patching.


Their work was reviewed by Anders Fogh, who wrote this interesting blog post in July. That article described his attempts to read kernel memory from user mode by abusing speculative execution. Although Fogh was unable to come up with any working proof-of-concept code, he noted:




My results demonstrate that speculative execution does indeed continue despite violations of the isolation between kernel mode and user mode.



It appears the KAISER work is related to Fogh's research, and as well as developing a practical means to break KASLR by abusing virtual memory layouts, the team may have somehow proved Fogh right – that speculative execution on Intel x86 chips can be exploited to access kernel memory.



Shared systems


The bug will impact big-name cloud computing environments including Amazon EC2, Microsoft Azure, and Google Compute Engine, said a software developer blogging as Python Sweetness in this heavily shared and tweeted article on Monday:




There is presently an embargoed security bug impacting apparently all contemporary [Intel] CPU architectures that implement virtual memory, requiring hardware changes to fully resolve. Urgent development of a software mitigation is being done in the open and recently landed in the Linux kernel, and a similar mitigation began appearing in NT kernels in November. In the worst case the software fix causes huge slowdowns in typical workloads.



There are hints the attack impacts common virtualisation environments including Amazon EC2 and Google Compute Engine...



Microsoft's Azure cloud – which runs a lot of Linux as well as Windows – will undergo maintenance and reboots on January 10, presumably to roll out the above fixes.


Amazon Web Services also warned customers via email to expect a major security update to land on Friday this week, without going into details.


There were rumors of a severe hypervisor bug – possibly in Xen – doing the rounds at the end of 2017. It may be that this hardware flaw is that rumored bug: that hypervisors can be attacked via this kernel memory access cockup, and thus need to be patched, forcing a mass restart of guest virtual machines.


A spokesperson for Intel was not available for comment. ®



Updated to add


The Intel processor flaw is real. A PhD student at the systems and network security group at Vrije Universiteit Amsterdam has developed a proof-of-concept program that exploits the Chipzilla flaw to read kernel memory from user mode:



Bingo! #kpti #intelbug pic.twitter.com/Dml9g8oywk


— brainsmoke (@brainsmoke) January 3, 2018

The Register has also seen proof-of-concept exploit code that leaks a tiny amount of kernel memory to user processes.


Finally, macOS has been patched to counter the chip design blunder since version 10.13.2, according to operating system kernel expert Alex Ionescu. And it appears 64-bit ARM Linux kernels will also get a set of KAISER patches, completely splitting the kernel and user spaces, to block attempts to defeat KASLR. We'll be following up this week.







Date Mon, 04 Dec 2017 15:07:06 +0100
From Thomas Gleixner <>
Subject [patch 00/60] x86/kpti: Kernel Page Table Isolation (was KAISER)


This series is a major overhaul of the KAISER patches:

1) Entry code

Mostly the same, except for a handful of fixlets and delta
improvements folded into the corresponding patches

New: Map TSS read only into the user space visible mapping

This is 64bit only, as 32bit needs the TSS mapped RW

AMD confirmed that there is no issue with that. It would be nice to
get confirmation from Intel as well.

2) Namespace

Several people including Linus requested to change the KAISER name.

We came up with a list of technically correct acronyms:

User Address Space Separation, prefix uass_

Forcefully Unmap Complete Kernel With Interrupt Trampolines, prefix fuckwit_

but we are politically correct people so we settled for

Kernel Page Table Isolation, prefix kpti_

Linus, your call :)

3) The actual isolation patches

- Replaced the magic kaiser_add/remove_mapping() code by mapping everything
which needs to be shared with user space into the fixmap

- PMD aligned the shared fixmap so the PTE page can be shared between
user and kernel space page tables

- Integrated all fixes and Peters rewrite of the PCID/TLB flush code.

- Restructured the patch set in a way that it is simpler to review

- Got rid of the strange wording of shadow page tables, because they are
not shadowish at all. KASAN, virt etc. use shadows, but these tables
are actively in use and integral part of the functionality

- Moved the debugfs files into a new directory so they don't clutter the
debugfs root directory.

LIMITATIONS:

- allmod/yes config builds fail right now because the fixmap grows
too large and breaks the EFI assumptions. This is still investigated.

A possible solution is just to use one of the address space holes
and grab a separate pgdir to map the cpu entry area. Not hard to do
and it wont change much of the principle of these patches.

TODOs:

- This needs a thorough review again. Sorry.

- Please verify that all fixlets have been integrated. The mail threads
are horribly scattered so I might have missed something.

- Rewrite documentation. I dropped the documentation patch as it not
longer applies.

- Handle native vsyscalls. Right now the patch set supports only
emulation, but it should be possible to support native as well.
Nothing urgent, I'd rather prefer to kill them completely.

- Populate a branch with minimal prerequisite patches to apply.

Thanks to Andy Lutomirsky, Peter Zijlstra, Ingo Molnar, Borislav Petkov and
Dave Hansen for all the help with this.

The patches apply on top of

git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git x86/urgent

and are available from git in

git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git WIP.x86/kpti

and as tarball from

https://tglx.de/~tglx/patches-kpti-119.tar.bz2

Signature file for the uncompressed tarball

https://tglx.de/~tglx/patches-kpti-119.tar.sig

Thanks,

tglx

Artículo de www.profesionalespcm.org insertado por: El administrador web - Fecha: 04/01/2018 - Modificar

Comparte el artículo en las REDES SOCIALES: delicious Delicious | meneame Meneame | facebook Facebook | twitter TWITTER | Technorati | barrapuntoBarrapunto
Próximamente disponible también para * Digg * Google Bookmarks* Wikio * Bitacoras.com * Reddit * * RSS * Technorati * Tuenti
Accedido o leido aproximadamente 227 veces desde 04/01/2018

Sitio Web del Núcleo de Profesionales y Técnicos del Partido Comunista de Madrid PCM/PCE- http://www.profesionalespcm.org 
Actualizado a 24/03/24
Los comentarios y colaboraciones son bienvenidos
(comunistas_ARROBA_profesionalespcm_PUNTO_org): Carta a comunistas_ARROBA_profesionalespcm_PUNTO_org
Envíanos tu colaboración, o comentarios vía formulario.
¡¡AFÍLIATE EL PARTIDO COMUNISTA DE MADRID - PCE
!

BÚSQUEDAS en este sitio web
AGREGADOR - SINDICACIÓN DE NOTICIAS RSS RDF XML DE PROFESIONALESPCM.ORG - SYNDICATE OUR NEWS - Content FeedsAGREGADOR - SINDICACIÓN DE NOTICIAS RSS RDF XML DE PROFESIONALESPCM.ORG - SYNDICATE OUR NEWS - Content FeedsAgregador RSS de noticias y contenidos - Aquí OTRA VERSIÓN DEL AGREGADOR RSS XML  AGREGADOR - SINDICACIÓN DE NOTICIAS RSS RDF XML DE PROFESIONALESPCM.ORG - SYNDICATE OUR NEWS - Content FeedsAGREGADOR - SINDICACIÓN DE NOTICIAS RSS RDF XML DE PROFESIONALESPCM.ORG - SYNDICATE OUR NEWS - Content Feeds

IMPRIMIR Imprimir ESTA PAGINA (sólo si es imprescindible)  

Secciones: 
    [11-M Terror y Manipulación]  [15M, SUMAR, mareas, unidad popular, PAH]  [Acta Moderna]  [África]  [Anarquismo]  [Antiglobalización]  [Antivirus, Seguridad Informática]  [Archivo Sonoro, música y vídeo]  [Argentina]  [Bibliografía/Citas]  [Brasil]  [CC.OO.]  [CGT]  [Chile]  [China, R.P.]  [Ciencia]  [Cine]  [Colombia]  [Congresos]  [Contactos]  [Convenios Colectivos]  [Convocatorias]  [Convocatorias defensa FERROCARRIL]  [Correo recibido]  [CORRUPCIÓN, puertas giratorias,impuestos, transparencia]  [Cuba Socialista]  [Documentos militante IU/ PCE]  [Documentos, opinión, debate]  [Ecologismo, Movilidad y Soberanía Alimentaria]  [Economía]  [El Problema Español]  [Empleo (ofertas)]  [Enlaces]  [Esperanto]  [Estados Unidos de América]  [Europa]  [FIRMAS DE APOYO A MANIFIESTOS]  [Formación / Educación]  [Foro/Lista de Correo]  [Fotografías]  [Huelga General]  [Humor]  [Infancia / Juventud]  [Legislación]  [Literatura y otras Artes]  [Marxismo]  [Memoria Histórica]  [México]  [Movimiento Obrero/Mundo del Trabajo]  [Mujer / Feminismo]  [Mundo Insurgente]  [No Fumar /Derecho Fumadores Pasivos]  [Organigrama]  [Palestina]  [Plan de Trabajo]  [Prensa / Medios comunicación]  [Profesionales y Comunistas]  [República Española, La Tercera y Socialista]  [Resoluciones]  [Rusia, URSS, Centenario Revolución Soviética]  [Sáhara Occidental]  [Salud]  [Sexualidad y mundo gay]  [SIDA]  [Software y Conocimiento Libre]  [Venezuela Bolivariana]  [Yugoslavia y la autogestión socialista]
Volver a la página principal de www.profesionalespcm.org

Volver a la página de inicio
Código QR para dispositivos móviles:


Novedades

     ¡ PINCHA AQUÍ PARA VER LISTADO COMPLETO Y CRONOLÓGICO DE LAS NOVEDADES PINCHA AQUÍ PARA LISTADO COMPLETO Y CRONOLÓGICO DE LAS NOVEDADESPINCHA AQUÍ PARA VER LISTADO COMPLETO Y CRONOLÓGICO DE LAS NOVEDADES

MANIFIESTO DEL PROYECTO SUMAR:

Página principal de www.profesionalespcm.orgINCLUYE EL BANNER EN TU SITIO WEB   PCE
Recomendado reproducir material citando su procedencia. Esta publicación es copyleft. Puede ser copiada sin ninguna restricción siempre que se mantenga esta nota. Apostamos por una Internet para todos y por el Software Libre EL NÚCLEO DE PROFESIONALES Y TÉCNICOS DEL PCM SE IDENTIFICA Y HACE RESPONSABLE EXCLUSIVAMENTE DE LOS TEXTOS INCLUIDOS EN ESTE SITIO WEB, QUE FIRME COMO RESOLUCIONES O COMUNICADOS DE LA MISMA. Todos los datos públicos de este sitio web están tomados de la Red o enviados por sus creadores, su único fin es divulgar la noticia, nunca apropiarse de textos y fotos, Siempre publicamos  la fuente cuando es conocida



Blog de debate NEURONASROJAS.profesionalespcm.org

Muro en Facebook NEURONASROJAS de profesionalespcm.org


Canal en YouTube de profesionalespcm.org

Sitio desnuclearizado, camapaña de Ecologistas en Acción
Sitio desnuclearizado, campaña de Ecologistas en Acción


NO PAGUES LA CRISIS

NO A LA GUERRA: El Partido Comunista de España condena el ataque de la Federación Rusa a Ucrania-
NO A LA GUERRA


NO AL CANON DE CDs DE LA SGAE
NO A LAS PATENTES DE SOFTWARE

No acepto ser fumador pasivoEl humo ambiental del tabaco mata. No fumes en lugares comunes
GRACIAS POR NO FUMAR EN LUGARES COMUNES
EL COCHE DEVORA A TU CUIDAD, TU PLANETA Y TUS AMIGOS, APARCA EL COCHE PARA SIEMPREAPÁRCALO PARA SIEMPRE