[dupe] “God Mode” exploit found in old x86 chips (tomshardware.com)
40 points by loydb 7 months ago | hide | past | web | favorite | 16 comments

This was discussed yesterday: https://news.ycombinator.com/item?id=17727140

A) It's documented, and is disabled by default.

B) It's not a coprocessor, it's the RISC-like engine inside the processor that microcode targets.

> While the backdoor should require kernel level access to activate, it has been observed to be enabled by default on some systems, allowing any unprivileged code to modify the kernel.

According to the GitHub page README.

I mean, those systems where it's "enabled by default" are systems where the kernel or BIOS explicitly turned it on.

It's a huge problem, and needs to be fixed, but we should use accurate language.

Yes, you are right, we should be careful with our language here. It is disabled by default in the sense that the OEM would have to enable it in order for the exploit to be effective. However, since it appears that sometimes the OEMs have been enabling this feature before shipping to consumers, from the consumer standpoint it would appear to be enabled by default.

Just a matter of perspective I guess but yeah it's very important to be clear here.

The point is that this is not an "exploit in x86". If a lot of Linux admins make their root password "12345" and expose their systems to SSH and you log in to their accounts, you haven't found "an exploit in Linux".

> Hacker discovers how to access his CPU.

Ho.lee.shit! This is stunning. After quite an array of consecutive processor ring-level security compromises being reported, finding some oldschool hardware with even olderschool exploits that somehow proliferated to the modern day is quite a nice rounding in of a hitherto forgotten fog of computer exploits: the processor as a universal eyeball is a soft spot in the tower of defense.

And you know there are a bunch of intelligence agencies around the world that are either cussing this guy out, or furiously downloading example code (or both).

True, I'm sure spy agencies around the world have a whole database of known (to them) exploits like this. So might have even commanded or lobbied that these features be put in in the first place.

This potentially impacts a ton of infrastructure machines that will be very difficult to patch.

Generally speaking, local privilege escalation is not a problem for old infrastructure machines, because those machines don't run any third-party untrusted code.

To me it seems that a patch would be like trying to put a band-aid on the brainstem for a concussion. These exploits run lower and can be triggered at any time with the appropriate instructions. Is it even possible to patch?

Looks like this feature has to at least be enabled somewhere for it to work (it just so happens that for some systems it is enabled by default). If that really is the case it might be possible to disable the system, as long as only something in layer 0 can turn it back on. Although yeah still not an ideal situation.

Thanks for the clarification, good it's not on by default.
