Intel Working With Wine Developers On User-Mode Instruction Prevention
The Intel developer working on UMIP (User-Mode Instruction Prevention) support for the Linux kernel has been collaborating with Wine developers on this security-minded feature, which is to be introduced with future Intel CPUs.
The User-Mode Instruction Prevention (UMIP) feature prevents the SGDT, SIDT, SLDT, SMSW, and STR instructions from being executed outside of ring 0. UMIP was developed to help prevent user-space applications from using these instructions when exploiting code-execution vulnerabilities. Given Wine's design, this could be a bit of a problem, but fortunately the Intel developer involved is working with Wine to ensure a sufficient design for the kernel implementation.
Those wishing to learn more about UMIP and Wine can read today's latest World Wine News and the associated mailing list thread. It looks like UMIP will debut with Intel Cannonlake processors.