Re: SecurityFocus Article

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

On Thursday, 11. May 2006 17:47, linux-os (Dick Johnson) wrote:
> If the SMRAM control register exists, the D_LCK bit can be set
> in 16-bit mode during the boot sequence. This makes the SMRAM
> register read/only so the long potential compromise sequence
> that Mr. Duflot describes would not be possible. If the control
> register doesn't exist, then the vulnerably doesn't exist.
> 
> The writer doesn't like the fact that a root process can execute
> iopl(3) and then be able to read/write ports. He doesn't like
> the fact that the X-server can read/write ports from user-mode.
> 
> Sorry, the X-server is too large to go into the kernel. It's
> a lot easier to modify the boot-loader to set the D_LCK bit
> if the security compromise turns out to be real.

That sounds like a good move.

Any patches?

I would love to review them!


Regards

Ingo Oeser
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux