FireWire Security issues
Bruce M Simpson
bms at spc.org
Tue Nov 16 17:40:45 PST 2004
On Tue, Nov 16, 2004 at 09:30:09PM +0100, Maximillian Dornseif wrote:
> looking into the issue described in the advisory below I wonder how to
> tackle this issues. Primarily
> I ask myself
>
> * is there any reason not to filter all physical memory access by default
> * what would be the appropriate way to change the filter set? a sysctl?
This is totally not news, this has been discussed in various circles for
the past 5 years, though it's nice to see someone presenting an old attack
in a new way.
You can only filter the accesses by implementing filter logic in the PCI
bridge to main memory to deny the accesses, or the PCI bus arbiter, or
failing that, the FireWire to PCI host controller itself.
The CPU and operating system are not able to intervene here in any way.
Regards,
BMS
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 167 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-security/attachments/20041116/fd92f2cf/attachment.bin
More information about the freebsd-security
mailing list