Date: Tue, 16 Nov 2004 17:40:37 -0800 From: Bruce M Simpson <bms@spc.org> To: Maximillian Dornseif <dornseif@informatik.rwth-aachen.de> Cc: freebsd-firewire@freebsd.org Subject: Re: FireWire Security issues Message-ID: <20041117014037.GP1468@empiric.icir.org> In-Reply-To: <cndo0f$5bv$1@sea.gmane.org> References: <cndo0f$5bv$1@sea.gmane.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--1LKvkjL3sHcu1TtY Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Nov 16, 2004 at 09:30:09PM +0100, Maximillian Dornseif wrote: > looking into the issue described in the advisory below I wonder how to=20 > tackle this issues. Primarily > I ask myself >=20 > * is there any reason not to filter all physical memory access by default > * what would be the appropriate way to change the filter set? a sysctl? This is totally not news, this has been discussed in various circles for the past 5 years, though it's nice to see someone presenting an old attack in a new way. You can only filter the accesses by implementing filter logic in the PCI bridge to main memory to deny the accesses, or the PCI bus arbiter, or failing that, the FireWire to PCI host controller itself. The CPU and operating system are not able to intervene here in any way. Regards, BMS --1LKvkjL3sHcu1TtY Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Comment: '' iD8DBQFBmqwUueUpAYYNtTsRApZrAJ9DJzC1b6kBlojXohCfLQOxULm5xgCfUvfI eSN+nOup7hadrXtW0h/oe7c= =mdS6 -----END PGP SIGNATURE----- --1LKvkjL3sHcu1TtY--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20041117014037.GP1468>