Re: Flames over -- Re: Which is simpler? (Was Re: [Suspend2-devel] Re: [ 00/10] [Suspend2] Modules support.)

On Sun, 2006-02-12 at 13:28 -0500, Kyle Moffett wrote:

> /me reads spec. *sigh*  Whatever idiocy-committee wrote that spec was  
> clearly either smoking crack or living in a fantasy-world (or both).   
> An arbitrary unrestricted DMA bus is a massive and painfully obvious  
> security hole.  Can somebody _please_ shoot the guy that came up with  
> that brilliant idea?  At least it looks like it's not available if  
> the firewire modules aren't loaded, which means that you can prevent  
> that sort of attack, and my laptop luckily doesn't load those modules  
> at boot just to save a bit of memory.  

might not help since your firmware turns on the firewire port to enable
booting from firewire disks.

> Even still, that's just a  
> terrible idea.  Is there any practical way to restrict DMA and make  
> FireWire secure?

load the modules with phys_dma=0

johannes

Attachment: signature.asc
Description: This is a digitally signed message part

References:
- [ 00/10] [Suspend2] Modules support.
  - From: Nigel Cunningham <[email protected]>
- Re: Which is simpler? (Was Re: [Suspend2-devel] Re: [ 00/10] [Suspend2] Modules support.)
  - From: "Rafael J. Wysocki" <[email protected]>
- Flames over -- Re: Which is simpler? (Was Re: [Suspend2-devel] Re: [ 00/10] [Suspend2] Modules support.)
  - From: Pavel Machek <[email protected]>
- Re: Flames over -- Re: Which is simpler? (Was Re: [Suspend2-devel] Re: [ 00/10] [Suspend2] Modules support.)
  - From: Jan Merka <[email protected]>
- Re: Flames over -- Re: Which is simpler? (Was Re: [Suspend2-devel] Re: [ 00/10] [Suspend2] Modules support.)
  - From: Kyle Moffett <[email protected]>
- Re: Flames over -- Re: Which is simpler? (Was Re: [Suspend2-devel] Re: [ 00/10] [Suspend2] Modules support.)
  - From: Alon Bar-Lev <[email protected]>
- Re: Flames over -- Re: Which is simpler? (Was Re: [Suspend2-devel] Re: [ 00/10] [Suspend2] Modules support.)
  - From: Kyle Moffett <[email protected]>
- Re: Flames over -- Re: Which is simpler? (Was Re: [Suspend2-devel] Re: [ 00/10] [Suspend2] Modules support.)
  - From: Alon Bar-Lev <[email protected]>
- Re: Flames over -- Re: Which is simpler? (Was Re: [Suspend2-devel] Re: [ 00/10] [Suspend2] Modules support.)
  - From: Kyle Moffett <[email protected]>
- Re: Flames over -- Re: Which is simpler? (Was Re: [Suspend2-devel] Re: [ 00/10] [Suspend2] Modules support.)
  - From: [email protected]
- Re: Flames over -- Re: Which is simpler? (Was Re: [Suspend2-devel] Re: [ 00/10] [Suspend2] Modules support.)
  - From: Kyle Moffett <[email protected]>

Prev by Date: [PATCH][take 2] kretprobe: kretprobe-booster against 2.6.16-rc2 for i386
Next by Date: vold for linux ? [was: Re: CD writing in future Linux (stirring up a hornets' nest)]
Previous by thread: Re: Flames over -- Re: Which is simpler? (Was Re: [Suspend2-devel] Re: [ 00/10] [Suspend2] Modules support.)
Next by thread: Re: Flames over -- Re: Which is simpler? (Was Re: [Suspend2-devel] Re: [ 00/10] [Suspend2] Modules support.)
Index(es):
- Date
- Thread

[Index of Archives] [Kernel Newbies] [Netfilter] [Bugtraq] [Photo] [Stuff] [Gimp] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Video 4 Linux] [Linux for the blind] [Linux Resources]