From owner-freebsd-current@FreeBSD.ORG Fri Jul 23 16:48:11 2004 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B03A116A4CE; Fri, 23 Jul 2004 16:48:11 +0000 (GMT) Received: from odin.ac.hmc.edu (Odin.AC.HMC.Edu [134.173.32.75]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9027543D41; Fri, 23 Jul 2004 16:48:11 +0000 (GMT) (envelope-from brdavis@odin.ac.hmc.edu) Received: from odin.ac.hmc.edu (IDENT:brdavis@localhost.localdomain [127.0.0.1]) by odin.ac.hmc.edu (8.12.10/8.12.10) with ESMTP id i6NGm9OF014305; Fri, 23 Jul 2004 09:48:09 -0700 Received: (from brdavis@localhost) by odin.ac.hmc.edu (8.12.10/8.12.3/Submit) id i6NGm9ki014304; Fri, 23 Jul 2004 09:48:09 -0700 Date: Fri, 23 Jul 2004 09:48:09 -0700 From: Brooks Davis To: Maxim Sobolev Message-ID: <20040723164809.GA12747@Odin.AC.HMC.Edu> References: <16634.47272.768935.436137@grasshopper.cs.duke.edu> <200407182039.10773.dfr@nlsystems.com> <16634.54674.966908.540880@grasshopper.cs.duke.edu> <200407182104.53221.dfr@nlsystems.com> <16638.32914.509773.486468@grasshopper.cs.duke.edu> <1090421941.7114.26.camel@builder02.qubesoft.com> <41012639.3020102@portaone.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="Nq2Wo0NMKNjxTN9z" Content-Disposition: inline In-Reply-To: <41012639.3020102@portaone.com> User-Agent: Mutt/1.5.4i cc: simokawa@freebsd.org cc: freebsd-current@freebsd.org cc: Andrew Gallatin Subject: Re: Excellent job on the firewire support! X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 23 Jul 2004 16:48:11 -0000 --Nq2Wo0NMKNjxTN9z Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Jul 23, 2004 at 05:52:41PM +0300, Maxim Sobolev wrote: > Doug Rabson wrote: >=20 > >On Wed, 2004-07-21 at 15:41, Andrew Gallatin wrote: > > > >>Doug Rabson writes: > >>> Actually thats the only downside of dcons. It doesn't cut in until th= e=20 > >>> firewire controller attaches. It relies on the fact that the fwohci= =20 > >>> driver allows access to physical memory from any node on the bus=20 > >>> (implemeted in hardware so you can examine the memory of a hung=20 > >>> machine). The dconschat program uses this feature to access the dcons= =20 > >>> ring buffers in the target machine. > >> > >>Does remote access to physical memory require dcons to be loaded > >>on the target? > > > > > >No. The remote access to physical memory is a hardware-implemented > >feature of the firewire ohci hardware. Its enabled in fwohci_attach(). > >In the long term, I would like to restrict this a bit but right now all > >you have to have is fwohci loaded on the target machine. >=20 > It would be nice to have some sysctl which to disable such access, since= =20 > it is BAD THING[tm] from the security POV. In high security environments, they use a tube of epoxy. ;-) -- Brooks --=20 Any statement of the form "X is the one, true Y" is FALSE. PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4 --Nq2Wo0NMKNjxTN9z Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQFBAUFIXY6L6fI4GtQRAqLWAKC3q1TBDGvA7NMUWgb+q8oTvvtU1gCgy48/ Od+By7myC2GXEvE4ATAIU8w= =8lcY -----END PGP SIGNATURE----- --Nq2Wo0NMKNjxTN9z--