Re: Flames over -- Re: Which is simpler? (Was Re: [Suspend2-devel] Re: [ 00/10] [Suspend2] Modules support.)

On Sun, 2006-02-12 at 13:28 -0500, Kyle Moffett wrote:

> /me reads spec. *sigh*  Whatever idiocy-committee wrote that spec was  
> clearly either smoking crack or living in a fantasy-world (or both).   
> An arbitrary unrestricted DMA bus is a massive and painfully obvious  
> security hole.  Can somebody _please_ shoot the guy that came up with  
> that brilliant idea?  At least it looks like it's not available if  
> the firewire modules aren't loaded, which means that you can prevent  
> that sort of attack, and my laptop luckily doesn't load those modules  
> at boot just to save a bit of memory.  

might not help since your firmware turns on the firewire port to enable
booting from firewire disks.

> Even still, that's just a  
> terrible idea.  Is there any practical way to restrict DMA and make  
> FireWire secure?

load the modules with phys_dma=0

johannes
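
A check for the setting suggested above, as an added example that is not part of the original message. It assumes the module exports `phys_dma` read-only under `/sys/module/<module>/parameters/`; the function name `phys_dma_audit` and its two directory arguments are hypothetical.

```shell
#!/bin/sh
# Added example: audit the phys_dma module parameter named in the reply above.
# Assumption: the parameter is readable under <sysfs>/<module>/parameters/.
# Usage: phys_dma_audit [sysfs_module_dir] [modprobe_conf_dir]

phys_dma_audit() {
    sysfs_root=${1:-/sys/module}
    conf_dir=${2:-/etc/modprobe.d}
    rc=0
    found=0
    for p in "$sysfs_root"/*/parameters/phys_dma; do
        [ -r "$p" ] || continue          # glob matched nothing, or unreadable
        found=1
        mod=${p#"$sysfs_root"/}
        mod=${mod%%/*}
        val=$(cat "$p")
        if [ "$val" = "0" ]; then
            state=disabled
        else
            state=ENABLED
            rc=1
        fi
        # Is phys_dma=0 also set persistently, so it survives a reload or reboot?
        pat="^[[:space:]]*options[[:space:]]+${mod}[[:space:]]+(.*[[:space:]])?phys_dma=0([[:space:]]|\$)"
        if grep -Eqs "$pat" "$conf_dir"/*.conf; then
            persist=yes
        else
            persist=no
        fi
        echo "$mod phys_dma=$val $state persistent=$persist"
    done
    # Nothing loaded is not proof of safety: as the reply notes, firmware may
    # already have turned the port on before the kernel started.
    [ "$found" -eq 1 ] || echo "no loaded module exposes phys_dma"
    return "$rc"
}
```

The function returns non-zero when any loaded module still has `phys_dma` enabled, so it can gate a boot-time or compliance check.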