Date:      Mon, 15 Apr 2002 14:58:28 +0900
From:      Hidetoshi Shimokawa <simokawa@sat.t.u-tokyo.ac.jp>
To:        Mikko Tyolajarvi <mikko@dynas.se>
Cc:        hackers@freebsd.org
Subject:   Re: FireWire for kernel hackers
Message-ID:  <ybsvgatsdtn.wl@ett.sat.t.u-tokyo.ac.jp>
In-Reply-To: <200204131941.g3DJfAb18611@mikko.rsa.com>
References:  <ybselhkx4r3.wl@ett.sat.t.u-tokyo.ac.jp> <200204131941.g3DJfAb18611@mikko.rsa.com>

At Sat, 13 Apr 2002 12:41:10 -0700 (PDT),
Mikko Tyolajarvi wrote:
> 
> In local.freebsd.hackers you write:
> 
> >Quoted from 00README in
> >http://people.freebsd.org/~simokawa/firewire-20020412.tar.gz
> 
> >          As you know, IEEE1394 is a bus and OHCI supports physical access
> >        to the host memory. This means that you can access the remote
> >        host over firewire without software support at the remote host.
> >        In other words, you can investigate remote host's physical memory
> >        whether its OS is alive or crashed or hangs up.
> 
> Umm... excuse a stupid question, but does this mean that a firewire
> port always gives unconditional access to the host's memory?  Great
> for kernel debugging.  Maybe not so great for a running system, from a
> security point of view (ok, physical access eventually equals full
> access, but plugging in a firewire cable is a heck of a lot faster
> than using a screwdriver...)

As Kobayashi-san said, it can be restricted and I suppose OHCI
doesn't allow physical access by default (after hardware reset).

Our driver allows it mostly for SBP-II.
SBP devices read/write host memory directly (DMA).

If you prefer security to performance, you could disallow physical
access and inspect all transactions.
You could also allow it only to SBP-II nodes and debugger nodes.
(Node id could change after bus reset)

My recommendation is not to connect untrustable devices.

/\ Hidetoshi Shimokawa
\/  simokawa@sat.t.u-tokyo.ac.jp
PGP public key: http://www.sat.t.u-tokyo.ac.jp/~simokawa/pgp.html
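
The per-node restriction discussed in this message, as an added example that is not part of the original e-mail or of the FreeBSD driver: it rebuilds a physical-access allowlist after every bus reset, keyed on each node's EUI-64 because node numbers can be reassigned. The 64-bit mask (one bit per node number), the struct, the function names and the sample EUI-64 values are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_NODES 63 /* node numbers 0..62 on the local bus */

/* One entry per node seen after a bus reset (hypothetical driver table).
 * The EUI-64 is self-reported by the device: it identifies the node,
 * it does not authenticate it. */
struct fw_node { uint8_t num; uint64_t eui64; };

/* Build the filter mask (bit n set = physical requests from node n are
 * accepted) from stable EUI-64s, never from remembered node numbers. */
uint64_t build_phys_filter(const struct fw_node *nodes, size_t n_nodes,
                           const uint64_t *allow, size_t n_allow)
{
    uint64_t mask = 0; /* default: no node gets physical access */
    for (size_t i = 0; i < n_nodes; i++) {
        if (nodes[i].num >= MAX_NODES)
            continue;
        for (size_t j = 0; j < n_allow; j++) {
            if (nodes[i].eui64 == allow[j]) {
                mask |= (uint64_t)1 << nodes[i].num;
                break;
            }
        }
    }
    return mask;
}

/* 1 if the mask lets this node number read/write host memory directly. */
int phys_allowed(uint64_t mask, uint8_t num)
{
    return num < MAX_NODES && ((mask >> num) & 1);
}

/* Constructed sample data: one allowlisted SBP-II disk and one unknown
 * device that swap node numbers across a bus reset. */
const uint64_t sample_allow[] = { 0x0011223344556677ULL };
const struct fw_node before_reset[] = { {0, 0x0011223344556677ULL}, {1, 0x00aabbccddeeff00ULL} };
const struct fw_node after_reset[]  = { {0, 0x00aabbccddeeff00ULL}, {1, 0x0011223344556677ULL} };

int main(void)
{
    uint64_t stale = build_phys_filter(before_reset, 2, sample_allow, 1);
    uint64_t fresh = build_phys_filter(after_reset, 2, sample_allow, 1);
    printf("node 0 allowed: stale=%d fresh=%d; node 1 allowed: fresh=%d\n",
           phys_allowed(stale, 0), phys_allowed(fresh, 0), phys_allowed(fresh, 1));
    return 0;
}
```

A mask computed before the reset would still admit node 0, which is now the unknown device; recomputing from the post-reset table moves the permission to wherever the allowlisted disk ended up.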


