Excellent job on the firewire support!

Brooks Davis brooks at one-eyed-alien.net
Fri Jul 23 09:48:11 PDT 2004


On Fri, Jul 23, 2004 at 05:52:41PM +0300, Maxim Sobolev wrote:
> Doug Rabson wrote:
> 
> >On Wed, 2004-07-21 at 15:41, Andrew Gallatin wrote:
> >
> >>Doug Rabson writes:
> >>> Actually that's the only downside of dcons. It doesn't cut in until the 
> >>> firewire controller attaches. It relies on the fact that the fwohci 
> >>> driver allows access to physical memory from any node on the bus 
> >>> (implemented in hardware so you can examine the memory of a hung 
> >>> machine). The dconschat program uses this feature to access the dcons 
> >>> ring buffers in the target machine.
> >>
> >>Does remote access to physical memory require dcons to be loaded
> >>on the target?
> >
> >
> >No. The remote access to physical memory is a hardware-implemented
> >feature of the firewire ohci hardware. It's enabled in fwohci_attach().
> >In the long term, I would like to restrict this a bit but right now all
> >you have to have is fwohci loaded on the target machine.
> 
> It would be nice to have some sysctl with which to disable such access, since 
> it is a BAD THING[tm] from the security POV.

In high security environments, they use a tube of epoxy. ;-)

-- Brooks

-- 
Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529  9BF0 5D8E 8BE9 F238 1AD4