OpenBSD founder: Intel leaves open-source out in the cold

Summary: OpenBSD founder Theo de Raadt wants Intel to come clean on the severity of bugs in the Intel Core 2 processors, warning that some of the bugs "will *ASSUREDLY* be exploitable from userland code." de Raadt's comments follow Intel's release of a BIOS patch to cover potential unpredictable system behavior on Windows machines running Core 2 and Xeon 3000/5000 chips.

OpenBSD founder wants Intel to come clean on severity of bugs

OpenBSD founder Theo de Raadt wants Intel to come clean on the severity of bugs in the Intel Core 2 processors, warning that some of the bugs "will *ASSUREDLY* be exploitable from userland code."

de Raadt's comments follow Intel's release of a BIOS patch to cover potential unpredictable system behavior on Windows machines running Core 2 and Xeon 3000/5000 chips.

In a note posted to the OpenBSD mailing list, de Raadt said the processors were "buggy as hell" and warned that in addition to causing development and debugging problems, they are exploitable.

"As is typical, BIOS vendors will be very late providing workarounds/fixes for these processors bugs. Some bugs are unfixable and cannot be worked around. Intel only provides detailed fixes to BIOS vendors and large operating system groups. Open Source operating systems are largely left in the cold," he declared.

He accused Intel of understating the impact of the bugs "very significantly" and cautioned OS developers that they will most certainly run into these bugs.

"Some of these bugs are along the lines of 'buffer overflow'; where a write-protect or non-execute bit for a page table entry is ignored. Others are floating point instruction non-coherencies, or memory corruptions -- outside of the range of permitted writing for the process -- running common instruction sequences," de Raadt added.

"All of this is just unbelievable to many of us," he declared.

de Raadt said he cannot recommend the purchase of any machines based on the Intel Core 2 until these issues are dealt with.

"Intel must become more transparent," he said, noting that rival AMD isn't much better.

"I would like to say that AMD is becoming less helpful day by day towards open source operating systems too, perhaps because their serious errata lists are growing rapidly too," de Raadt said.

More discussion at Slashdot and Matasano

[UPDATE: June 28, 2007 @ 6:12 PM]  A note from the TalkBack comments:

I am from Intel, and I thought I would give you our perspective. Months ago, we addressed a processor issue by providing a BIOS update for our customers that in no way affects system performance. We publicly documented this as an erratum in April. All processors from all companies have errata, and Intel has a well-known errata communication process to inform our customers and the public. Keep in mind the probability of encountering this issue is low.

Specification Updates for the affected processors are available at http://developer.intel.com.  All errata are thoroughly investigated for issues and vulnerabilities, should they have any we fix them, usually through a microcode update. We feel we’ve resolved the issue and were open about it with customers and then publicly publishing it, but this is a good venue for ideas on how we could do better or more. I am interested in any constructive comments...

Talkback

17 comments
  • Must be the competition

    Because of the drastic changes in the processors over the last couple of years, more flaws in the design are probably more likely to show up. Still, this is an issue that should be addressed. Especially on days like today where Joanna Rutkowska is out to exploit the virtual machine technology. Both systems now have the implementations in place. Both are very useful tools that can quickly be turned against the users which they are supposed to serve.
    nucrash
  • Hey everyone, BUY A MAC!!!1!!!!!11111!!!!!!2

    But wait a minute, they now use Intel processors too!

    Whoops! (but what else is new?)
    HypnoToad72
    • Apple uses higher quality Intel chips

      Jobs personally goes to Intel's plant and rummages through the CPU bins, picking out the nice ones for his Macs. Gates, on the other hand, has probably spit on your keyboard. Oooooo, I HATE BILL GATES AND MICRO$$$$$$$OFT!!!!
      NonZealot
      • lol

        "Jobs personally goes to Intel's plant and rummages through the CPU bins, picking out the nice ones for his Macs"

        Awesome! :D
        toadlife
      • Now.. there is a bit of truth to that statement

        Apple was the first to release the 3.0 GHz Quad Cores.

        Apple does have some pull with Intel, but if it were to issue bug fixes for them first, I would highly doubt that. Although I know of a corporation that works with a product that does require some further fixing and did require a bit of later modification. However the primary vendor locked in all changes and requires that they were the only ones allowed the modifications within the first year or longer.

        This company accounted for 75% of the business, so I doubt that the situation is the same with Apple and Intel.
        nucrash
        • Apple has no pull with Intel ...

          ... that isn't warranted by their 5th place share of the market. Who launches a CPU first has nothing to do with pull and everything to do with the speed of your development processes. Besides, I don't believe that Apple was first to market. They just were first to publicise it!
          ShadeTree
      • Dumb remarks given 95% of Intel machines use Windows

        You dummies twist any story now into a rant against Apple.
        YinToYourYang-22527499
        • Okie Dokie

          Actually it is more like 97.9%, but who's counting.
          jakenhauser
      • LOL!!

        Sure he does!!
        jakenhauser
  • Intel's view

    I am from Intel, and I thought I would give you our perspective. Months ago, we addressed a processor issue by providing a BIOS update for our customers that in no way affects system performance. We publicly documented this as an erratum in April. All processors from all companies have errata, and Intel has a well-known errata communication process to inform our customers and the public. Keep in mind the probability of encountering this issue is low. Specification Updates for the affected processors are available at http://developer.intel.com.
    All errata are thoroughly investigated for issues and vulnerabilities, should they have any we fix them, usually through a microcode update. We feel we've resolved the issue and were open about it with customers and then publicly publishing it, but this is a good venue for ideas on how we could do better or more. I am interested in any constructive comments...
    IntelNick
  • Open Source SHOULD be left out.

    Telling a handful of responsible OEMs is vastly different than publishing for all the hackers in the world.
    No_Ax_to_Grind
    • Intel had already published it all

      Reading, a thing you should have learned many many years ago.
      zkiwi
  • Business as usual

    resulting in DIY. Guess being on Intel is being in h*ll. Guess those powerchip systems and AMD are looking sweeter. And Intel is as open as usual, as they've been businesswise for years and years and to what end.
    Boot_Agnostic
    • Are you really this clueless

      All CPUs have the same issues. Gawd I wish some of you would grow up...
      No_Ax_to_Grind
  • What should we do?

    Still use single-core CPUs or move to Windows?

    Milan B.
    http://www.guacosoft.com
    mbabuskov
  • Oops - logic error - Microsoft-limited thinking

    This is a great example of Microsoft-limited thinking that's holding the industry back. The answer to fixing hardware and software bugs IS NOT more secrecy and control. This is in fact why these bugs persist so long. Intel (for example) finds the bug, and publishes it only to its top OEMs, who keep it a secret too. But at the same time, the hackers and other malfeasants find the bug by doing their own research, and start to exploit it. The public is exposed to the exploits precisely because the bug is kept secret. If it had been published openly, the software would have been fixed sooner. In the case of Microsoft, that's days and in the case of open source it can be hours. Imagine, blocking an exploit of system code or processor hardware in hours! That's the benefit of open source, but unfortunately it also means you have to have system administrators that are on the ball, since there isn't a viable open-source updating method like Microsoft's Update program. What we need is a synthesis of the two: the openness and rapid response of open source with the lights-out updating that you get from Microsoft. But keeping a secret from the open-source developers isn't the solution.

    -Eric Novikoff
    http://www.enkiconsulting.net
    enovikoff
  • RE: OpenBSD founder: Intel leaves open-source out in the cold

    Nice to see somebody from Intel comment.
    OK, I'm the author of the famous CRASHME.
    One thing I love to see is people make
    unsubstantiated claims about some event
    being "low probability."

    [Keep in mind the probability of encountering this issue is low.]

    Famous last words. Probability is a mathematical concept, and needs to be computed with care, not used as a debating point.

    Hey, what's the probability of a bunch of guys taking over commercial aircraft using box cutters as weapons and crashing the aircraft into buildings and causing thousands of deaths and billions of dollars worth of property damage?
    gjcarrette