Re: MSR support for x86

Wayne Schlitt (
09 Mar 1997 22:35:47 -0600

In <> "H. Peter Anvin" <> writes:

> >
> > I should think you would want it to be crw-r--r--, so that anybody can see
> > what they are running on.
> Yes, there need to be something reasonable. I do *not* think it is
> reasonable for random processes to even read the special registers --
> on some CPUs that could potentially give away dangerous information.

Sorry for the late post, but yes, reading things like the number of
page faults can open subtle security holes.

I forget the exact details, but I think it was one of the early DEC
pdp's and the RSTS os that is the prime example of this. The cpu
would allow users to read page fault counts, so what some clever folks
did was write a program that forced almost all the pages out. It
would then call an os function that would verify a password. The OS
would just compare byte by byte and fail on the first miss match.
What the clever programmer did was make sure the password would cross
a page boundary. Then, by looking at the page fault count register, it
could tell how far into the password the OS had verified before it
failed. This turns an exponential search space into a linear one.

Yes, UNIX handles passwords completely differently, and the OS doesn't
deal with them anyway, but that's not the point. The point is that
some of this information can be used in surprising ways and I think we
should be really careful what we allow general users to access.


Wayne Schlitt can not assert the truth of all statements in this
article and still be consistent.