Re: FireWire Security issues
--1LKvkjL3sHcu1TtY
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Tue, Nov 16, 2004 at 09:30:09PM +0100, Maximillian Dornseif wrote:
> looking into the issue described in the advisory below I wonder how to=20
> tackle this issues. Primarily
> I ask myself
>=20
> * is there any reason not to filter all physical memory access by default
> * what would be the appropriate way to change the filter set? a sysctl?
This is totally not news, this has been discussed in various circles for
the past 5 years, though it's nice to see someone presenting an old attack
in a new way.
You can only filter the accesses by implementing filter logic in the PCI
bridge to main memory to deny the accesses, or the PCI bus arbiter, or
failing that, the FireWire to PCI host controller itself.
The CPU and operating system are not able to intervene here in any way.
Regards,
BMS
--1LKvkjL3sHcu1TtY
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Comment: ''
iD8DBQFBmqwUueUpAYYNtTsRApZrAJ9DJzC1b6kBlojXohCfLQOxULm5xgCfUvfI
eSN+nOup7hadrXtW0h/oe7c=
=mdS6
-----END PGP SIGNATURE-----
--1LKvkjL3sHcu1TtY--
討論串 (同標題文章)
完整討論串 (本文為第 2 之 5 篇):