Re: Linux vs MS Security
From: Rick Moen (rick_at_linuxmafia.com)
Date: 09/15/05
- Previous message: Moe Trin: "Re: Linux vs MS Security"
- In reply to: Moe Trin: "Re: Linux vs MS Security"
- Next in thread: Moe Trin: "Re: Linux vs MS Security"
- Reply: Moe Trin: "Re: Linux vs MS Security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Wed, 14 Sep 2005 22:34:14 -0400
Moe Trin <ibuprofin@painkiller.example.tld> wrote:
[F00F bug:]
>>Regardless, after the bug was publicised on 1997-11-10,
>
> Are you sure of the date? The original posting (above) was late on the
> sixth, and the next few days were like someone stomped on a fire ant nest.
No, I was actually up during the middle of the night after donating
blood and then crashing for several hours, really had no business
attempting to be coherent on Usenet at that time, and only partially
succeeded. Ordinarily, I'd have properly re-found the date stamp on the
original newsgroup posting before saying that, but I was just too tired.
(That's a poor excuse, I know. I knew I was likely to get it slightly
wrong, but was exhausted and momentarily didn't care. My lazy
guesstimate about the number of months until Microsoft's NT patch was
off, too -- but in the ballpark.)
[Microsoft:]
> Did they ever fix it at all?
Now that you mention it.... Hmm, I notice that their earlier
http://premium.microsoft.com/support/kb/articles/q163/8/52.asp page that
they posted in 1998 doesn't exist, any more. Ah, here:
http://support.microsoft.com/kb/163852/EN-US/
I found that by googling for Intel's mind-numbing moniker for the
problem, "Invalid Operand with Locked CMPXCHG8B Instruction". Page
claims that NT 3.51 got some sort of hotfix, but they don't actually
name or link that hotfix. NT 4.0 got a fix as part of SP 4.0. Win95
_never_ got any sort of fix, it seems -- just as I was saying in '98.
It's a bit frightening to think that I might personally have been -- for
a while -- the best-informed commentator on this problem other than
Robert Collins (who wasn't saying much). And I was a rank amateur. ;->
> I know Novell didn't. My understanding was that they claimed there
> was no need to fix it, as no compiler would produce that machine code.
> Obviously wrong, as anyone who has ever coded ANYTHING knows (how do
> they think it was discovered in the first place, magic?), but that was
> their story at the time.
Yes, that was quite bogus. Here's the actual vendor statement, from
Intel's inforamtional page:
"Novell's network operating system NetWare/IntranetWare is not
affected by the invalid instruction erratum found in the Pentium
processor. NetWare/IntranetWare requires proper authentication to run
NLM's [sic] and applications on the server. Due to this secure
access, NetWare/IntranetWare is not susceptible to NLM's [sic] or
applications that would use the invalid opcode. For further
information, please contact Novell at 1-801-861-5533 or www.novell.com."
Tom Oldroyd
Senior Marketing Manager
Novell Inc.
-- Cheers, "Due to circumstances beyond our control, we regret to Rick Moen inform you that circumstances are beyond our control." rick@linuxmafia.com --Paul Benoit
- Previous message: Moe Trin: "Re: Linux vs MS Security"
- In reply to: Moe Trin: "Re: Linux vs MS Security"
- Next in thread: Moe Trin: "Re: Linux vs MS Security"
- Reply: Moe Trin: "Re: Linux vs MS Security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
