
“God Mode” exploit found in old x86 chips - loydb
https://www.tomshardware.com/news/x86-hidden-god-mode,37582.html
======
bryanlarsen
this was discussed yesterday:
[https://news.ycombinator.com/item?id=17727140](https://news.ycombinator.com/item?id=17727140)

------
monocasa
A) It's documented, and is disabled by default.

B) It's not a coprocessor, it's the RISC-like engine inside the processor that
microcode targets.

~~~
sgillen
> While the backdoor should require kernel level access to activate, it has
> been observed to be enabled by default on some systems, allowing any
> unprivileged code to modify the kernel.

According to the GitHub page README.

~~~
monocasa
I mean, those systems where it's "enabled by default" are systems where the kernel
or BIOS explicitly turned it on.

It's a huge problem, and needs to be fixed, but we should use accurate
language.

~~~
sgillen
Yes, you are right, we should be careful with our language here. It is disabled
by default in the sense that the OEM would have to enable it in order for the
exploit to be effective. However, since it appears that sometimes the OEMs have
been enabling this feature before shipping to consumers, from the consumer
standpoint it would appear to be enabled by default.

Just a matter of perspective I guess but yeah it's very important to be clear
here.

~~~
umanwizard
The point is that this is not an "exploit in x86". If a lot of Linux admins
make their root password "12345" and expose their systems to SSH and you log
in to their accounts, you haven't found "an exploit in Linux".

------
sova
Ho.lee.shit! This is stunning. After quite an array of consecutive processor
ring-level security compromises being reported, finding some oldschool
hardware with even olderschool exploits that somehow proliferated to the
modern day is quite a nice rounding in of a hitherto forgotten fog of computer
exploits: the processor as a universal eyeball is a soft spot in the tower of
defense.

~~~
loydb
And you know there are a bunch of intelligence agencies around the world that
are either cussing this guy out, or furiously downloading example code (or
both).

~~~
sgillen
True, I'm sure spy agencies around the world have a whole database of known (to
them) exploits like this. So might have even commanded or lobbied that these
features be put in in the first place.

------
loydb
This potentially impacts a ton of infrastructure machines that will be very
difficult to patch.

~~~
sova
To me it seems that a patch would be like trying to put a band-aid on the
brainstem for a concussion. These exploits run lower and can be triggered at
any time with the appropriate instructions. Is it even possible to patch?

~~~
sgillen
Looks like this feature has to at least be enabled somewhere for it to work
(it just so happens that for some systems it is enabled by default). If that
really is the case it might be possible to disable the system, as long as only
something in layer 0 can turn it back on. Although yeah still not an ideal
situation.

~~~
sova
Thanks for the clarification, good it's not on by default.

