On Feb 12, 2006, at 11:56, Valdis.Kletnieks@vt.edu wrote:
On Sun, 12 Feb 2006 11:32:44 EST, Kyle Moffett said:
and X when sleeping? Don't you *dare* say "somebody could attach
a hardware debugger and read your data out of RAM", because I just
don't see that happening in any reasonable situation, there are
too many obstacles to doing that with a _laptop_, the first of
which is just that it's impossible to take the damn thing apart
when it's on without disconnecting massive amounts of critical
wiring.
No need to take anything apart if that laptop has a FireWire port
on the outside. See Quinn's Firestarter that won best hack at
MacHack 2002.
http://www.quinn.echidna.id.au/Quinn/WWW/Hacks.html#FireStarter
No need to crack the case at all. And it isn't a Mac-only issue -
it's the way FireWire works.
/me reads spec. *sigh* Whatever idiocy-committee wrote that spec was
clearly either smoking crack or living in a fantasy-world (or both).
An arbitrary unrestricted DMA bus is a massive and painfully obvious
security hole. Can somebody _please_ shoot the guy that came up with
that brilliant idea? At least it looks like it's not available if
the firewire modules aren't loaded, which means that you can prevent
that sort of attack, and my laptop luckily doesn't load those modules
at boot just to save a bit of memory. Even still, that's just a
terrible idea. Is there any practical way to restrict DMA and make
FireWire secure?
Cheers,
Kyle Moffett
--
I didn't say it would work as a defense, just that they can spin that
out for years in court if it came to it.
-- Rob Landley
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
