From owner-freebsd-questions@FreeBSD.ORG Thu Jun 12 01:51:19 2008
From: Jeffrey Goldberg
To: cpghost
Cc: FreeBSD List, dfeustel@mindspring.com
Date: Wed, 11 Jun 2008 20:51:16 -0500
Subject: Re: FreeBSD and User Security
Message-Id: <81EBB0C0-AC7A-42EE-A128-BA70ADCC336B@goldmark.org>
In-Reply-To: <20080612030851.032afa26@epia-2.farid-hajji.net>

On Jun 11, 2008, at 8:08 PM, cpghost wrote:

> On Wed, 11 Jun 2008 19:45:51 -0500
> Jeffrey Goldberg wrote:
>
>> First it should consume memory. A very complete test of memory
>> through a modified memtest should be able to detect whether system
>> reported memory is accurate.
>
> What if memtest already runs within the virtualization box? How can it
> determine what the "right" amount of memory is supposed to be?

I was assuming that that would be known by the operator.

> And if
> the virtualizer hot-patched memtest instructions, either on loading it
> or dynamically while it runs, it could make it report whatever it
> liked.

Of course.

>> Secondly, a blue pill would need to be reinserted after a hard
>> reboot. Therefore a look at the boot process (of a non-live system)
>> should be able to see whether there is something that reinserts the
>> blue pill.
>
> Yes, but you've got to have a very close look at it, as it won't
> necessarily appear on the screen -- being caught as well by the
> virtualizer. And Joanna also has a paper about fooling hardware
> capture cards into reporting bogus data on her site, so you won't
> even be able to detect that RAM contains something else upon boot
> than those hardware capture cards are supposedly reporting.

Yes. I've now read through some of Rutkowska's slides (following the
link provided by dfeustel in another post in this thread).

> If all this is as she's described, it is truly brilliant from a
> technical POV... and a very worrying thought as well.

Yes, it is worrying. The next time I reboot the one server I've got with
an SVM-capable processor, I'm going to disconnect the power (to make sure
that I'm getting a real reboot instead of a spoofed one), and then on
reboot I will disable SVM in the BIOS.

But mostly I'm just in admiration of people who can think of things this
clever (even if they are very scary and dangerous things).

Thank y'all for a very enlightening discussion.

-j