

An X86 Design Flaw Allowing Universal Privilege Escalation - thomnottom
https://www.blackhat.com/us-15/briefings.html#the-memory-sinkhole-unleashing-an-x86-design-flaw-allowing-universal-privilege-escalation

======
Moral_
_to demonstrate how to jump malicious code from the paltry ring 0 into the
deepest, darkest realms of the processor._

So you already have to be in ring 0. Pretty click-baity title.

~~~
frik
Intel CPUs support Ring0-3. But...

[http://en.wikipedia.org/wiki/Protection_ring](http://en.wikipedia.org/wiki/Protection_ring)

Multics supported 8+ rings, OpenVMS 3 rings, OS/2 3 rings, Windows NT and Unix
only 2 rings. Some hypervisors like Xen use, afaik, ring 1 (Intel VT-x
"Vanderpool").

We need better ring support in modern operating systems and hypervisors (VM
hosts).

"The x86-processors have four different modes divided into four different
rings. Programs that run in Ring 0 can do anything with the system, and code
that runs in Ring 3 should be able to fail at any time without impact to the
rest of the computer system. Ring 1 and Ring 2 are rarely used, but could be
configured with different levels of access."

~~~
j-pb
Actually, we should abandon the ring concept altogether for more promising
security models.

[https://www.destroyallsoftware.com/talks/the-birth-and-death...](https://www.destroyallsoftware.com/talks/the-birth-and-death-of-javascript)

~~~
frik
The suggested solution is to have process isolation implemented using software
- namely asm.js-enabled JavaScript virtual machines embedded in a Linux
kernel, which save you from needing hardware isolation, reducing overhead.
Gary calls this idea "METAL".

I found few resources about the project, but there is a discussion on
Reddit:
[http://www.reddit.com/r/compsci/comments/25w7vt/javascript_b...](http://www.reddit.com/r/compsci/comments/25w7vt/javascript_based_os_what_do_you_think/)

And we had the discussion on HN too:
[https://news.ycombinator.com/item?id=7605687](https://news.ycombinator.com/item?id=7605687)

Nevertheless, an interesting topic that doesn't deserve a downvote of my
parent.

------
smegel
I remember a post a few years ago about running code by triggering page faults
in the MMU. Basically they created a single instruction computer (which can be
Turing complete) out of the MMU, hence allowing processing to occur with the
MMU that is invisible to the CPU and everything else. I wonder if related.

[http://en.wikipedia.org/wiki/One_instruction_set_computer](http://en.wikipedia.org/wiki/One_instruction_set_computer)

~~~
jbangert
(author here)
[https://github.com/jbangert/trapcc](https://github.com/jbangert/trapcc)

We did get a few hypervisor crashes and the Intel architecture has all sorts
of subtle behaviour that is often not modelled properly. It would be good to
see someone build on my work.

------
vardump
The worst case is a VM escape for hardware accelerated (VT-x/AMD-V). So does
this exploit work under virtualized ring 0? That would be a disaster for many
cloud providers and for virtualization in general.

Maybe this is something about controlled change of flow of execution in SMM
mode?

~~~
tptacek
My guess is that if you have a universal hardware hypervisor escape, you write
the abstract for that talk much differently.

------
walterbell
Earlier work from the ITL/Qubes team, including SMM attacks:
[http://invisiblethingslab.com/itl/Resources.html](http://invisiblethingslab.com/itl/Resources.html)

------
wmf
I wonder if this is SMM or something even darker and deeper.

~~~
userbinator
SMM was my first thought too, although "gone unnoticed for 20 years" (1995)
suggests something newer; SMM was introduced in 1990 with the 386SL, and this
suggests P6-level.

Microcode seems about right - that was introduced in the P6. But, it's also
signed (at least Intel ucode is - not sure about AMD) according to previous
research... either way, this is going to be interesting.

~~~
dlitz
Signed _how_, though? A crypto scheme that Intel came up with 20 years ago is
probably not secure, and if they haven't updated it since then, well...

~~~
userbinator
[http://inertiawar.com/microcode/](http://inertiawar.com/microcode/) suggests
a variant of SHA1 or SHA2 with 2048-bit RSA. No doubt it's changed since the
P6, probably with different private keys for each CPU model/family, but the
public key must be present in the hardware in order to verify, so
theoretically it could be extracted...

Edit: _public_ key. There might be a test mode which bypasses this or
something.

~~~
kryptiskt
No, the private key doesn't have to be present. They sign with the private
key, the CPU verifies with the public key.

------
jhallenworld
"deepest, darkest realms of the processor..." is it the ME?
[https://recon.cx/2014/slides/Recon%202014%20Skochinsky.pdf](https://recon.cx/2014/slides/Recon%202014%20Skochinsky.pdf)

~~~
nly
It's kind of scary that there's a micro-JVM on my chipset that allows new code
to be loaded in to such a privileged system dynamically.

~~~
lmm
Makes me think of this guy who managed to install linux on his hard drive:
[https://spritesmods.com/?art=hddhack&page=7](https://spritesmods.com/?art=hddhack&page=7)

------
aji
Is this about the IA-32 debugger? There's a Phrack article that describes
something similar:
[http://phrack.org/issues/65/8.html](http://phrack.org/issues/65/8.html)

------
xgbi
Strangely, when I clicked the link my MacBook Air kernel-panicked. This is the
first time it happened in maybe 2 years. I thought the website was actually
using an exploit to kill all PCs' kernels.

After a reboot all went fine, though.

------
louwrentius
This sounds _very_ significant to me.

Basically this vulnerability affects multi-tenant systems where, if you have a
VM, you can then exploit this vulnerability to take control of a VM of
somebody else.

This type of vulnerability, however rare, could be an argument why you should
run systems with different security classifications on different physical
hardware (different physical virtualisation clusters).

------
bognition
Wow. Ok so given that this is a hardware flaw and not a software flaw is this
kind of disclosure reasonable? In the case of software vulnerabilities,
researchers typically inform vendors and allow them time to distribute a
patch. Is there anything analogous here for hardware? If yes how does intel
(or any hardware vendor) get ahead of this by distributing a fix?

~~~
JoeAltmaier
If it's an unfixable problem then there's an obligation to disclose. Else only
the 'bad guys' know.

~~~
bognition
But doesn't this assume that the 'bad guys' have knowledge of the exploit?
This feels like a faulty assumption. However, after disclosure the bad guys
will definitely have knowledge.

Also after disclosure what is the right course of action? We certainly can't
require the replacement of all vulnerable hardware.

~~~
Kalium
Let's break it down for examination. Before disclosure, the bad guys _may_
know and the good guys _certainly_ do not know. After disclosure, both bad
guys know and good guys know. Good guys who know can take protective steps.

Who gains the most?

------
im3w1l
What is more privileged than ring 0? Microcode?

~~~
zerohp
A hypervisor runs below ring 0 and system management mode runs below that.

~~~
ajross
... sort of.

"Ring 0" is a historical abstraction from the 80286 protected mode model.
There was a two-bit field associated with segment and gate descriptors that
enforced privilege separation, so you couldn't load segment registers with
data at a higher privilege level, and were disallowed from making traps into
higher levels except as specifically allowed (we call those "syscalls" today).

None of this stuff is used anymore. We have the kernel in ring zero and we
have everything else.

A hypervisor is abstracting the whole CPU, so the guests have their own rings,
etc... SMM is likewise outside the ring model.

And of course we have all sorts of _other_ privilege abstractions in modern
hardware: IOMMUs exist for this purpose of course (though with a different
threat model), as does memory mapping handled by microcontrollers on the
fabric of modern SoCs. The NX bit doesn't fit into "rings" but is clearly
related technology, etc...

Basically we need to stop talking about 286 protected mode except when that's
really what we mean. Frankly I have no idea what this attack means by "ring
0", but I'm guessing like everyone else this is an exploit in SMM code.

~~~
danbruc
_None of this stuff is used anymore. We have the kernel in ring zero and we
have everything else._

Not using two of the four rings does not really mean nothing is used anymore.
The reason only two are commonly used is probably to a large extent due to
portability to processors with only two rings and maybe also architectural
simplicity.

~~~
amluto
Even x86 barely supports rings 1 and 2. The modern (386+) paging system only
recognizes two privilege levels, and the fast privilege change instructions
(SYSCALL, SYSRET, etc) are only useful when switching between rings (really
"CPL") 0 and 3.

If you're programming a 286, then you can go whole hog with 4 rings.
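An added illustration (not code from the thread or from any vendor) of the two checks discussed in the comments above: the two-bit DPL field in a segment descriptor that gates data-segment loads on a 286/386, and the single U/S bit of a page-table entry that is all the 386+ paging system knows about privilege. The descriptor and PTE values are constructed samples; the segment rule assumes a non-conforming data segment and the page rule ignores SMAP.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Bits 45-46 of a 64-bit segment descriptor hold the DPL
 * (Descriptor Privilege Level); bit 47 is the Present bit. */
int descriptor_dpl(uint64_t desc) {
    return (int)((desc >> 45) & 0x3);
}

/* Data-segment load rule (protected mode, non-conforming data segment):
 * the load succeeds only if max(CPL, RPL) <= DPL, i.e. the requester is
 * at least as privileged as the segment. RPL is bits 0-1 of the selector. */
bool can_load_data_segment(int cpl, uint16_t selector, uint64_t desc) {
    int rpl = selector & 0x3;
    int effective = cpl > rpl ? cpl : rpl;
    return effective <= descriptor_dpl(desc);
}

/* Paging (386+) recognizes only two levels via the U/S bit (bit 2) of a
 * page-table entry: CPL 0-2 are all "supervisor", only CPL 3 is "user".
 * SMAP is ignored here, so supervisor code may touch user pages. */
bool page_accessible(int cpl, uint64_t pte) {
    bool user_page = (pte >> 2) & 1;
    if (cpl == 3) return user_page;
    return true;
}

int main(void) {
    /* Constructed sample descriptors: flat data segments, DPL 0 and DPL 3. */
    uint64_t kernel_data = 0x00CF92000000FFFFULL;
    uint64_t user_data   = 0x00CFF2000000FFFFULL;
    printf("kernel_data DPL=%d user_data DPL=%d\n",
           descriptor_dpl(kernel_data), descriptor_dpl(user_data));
    printf("CPL3 loading kernel data: %d\n",
           can_load_data_segment(3, 0x13, kernel_data));
    /* Rings 1 and 2 collapse to "supervisor" for paging. */
    printf("CPL1 on supervisor page: %d, CPL3 on same page: %d\n",
           page_accessible(1, 0x1003), page_accessible(3, 0x1003));
    return 0;
}
```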

------
charonn0
Am I missing something here? It's just a couple of sentences of some BS about
negative rings.

~~~
scott_karana
It's an exploit that'll be presented at the upcoming Blackhat conference.

~~~
charonn0
Thanks, it makes much more sense now.

------
0xFFC
So guys, did I understand correctly? They found a flaw in x86 so the guest
can exploit the host? (Maybe much more restricted than what I said, but the
main idea is correct?)

------
tempodox
Regardless of the content, white text on black background is VERY BAD for
reading. Please make this text more readable.

