From owner-freebsd-security@FreeBSD.ORG Wed Nov 17 20:56:28 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 91C1816A4CE for ; Wed, 17 Nov 2004 20:56:28 +0000 (GMT) Received: from odin.ac.hmc.edu (Odin.AC.HMC.Edu [134.173.32.75]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6A50043D41 for ; Wed, 17 Nov 2004 20:56:28 +0000 (GMT) (envelope-from brdavis@odin.ac.hmc.edu) Received: from odin.ac.hmc.edu (localhost.localdomain [127.0.0.1]) by odin.ac.hmc.edu (8.13.0/8.13.0) with ESMTP id iAHKvbXI009255; Wed, 17 Nov 2004 12:57:37 -0800 Received: (from brdavis@localhost) by odin.ac.hmc.edu (8.13.0/8.13.0/Submit) id iAHKvbOH009254; Wed, 17 Nov 2004 12:57:37 -0800 Date: Wed, 17 Nov 2004 12:57:37 -0800 From: Brooks Davis To: Borja Marcos Message-ID: <20041117205737.GA8233@odin.ac.hmc.edu> References: <419AAEE3.9020900@elischer.org> <4511D7AF-38AD-11D9-872F-000393C94468@sarenet.es> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="KsGdsel6WgEHnImy" Content-Disposition: inline In-Reply-To: <4511D7AF-38AD-11D9-872F-000393C94468@sarenet.es> User-Agent: Mutt/1.4.1i X-Virus-Scanned: by amavisd-new X-Spam-Status: No, hits=0.0 required=8.0 tests=none autolearn=no version=2.63 X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on odin.ac.hmc.edu cc: freebsd-security@freebsd.org cc: Julian Elischer Subject: Re: FireWire Security issues X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 17 Nov 2004 20:56:28 -0000 --KsGdsel6WgEHnImy Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Nov 17, 2004 at 04:28:02PM +0100, Borja Marcos wrote: > >yes we've been aware of this problem for a year or so :-) > >I guess we need to get the filters done.. > >We do of course use firewire for remote kernel debugging with great=20 > >success so we > >need to be able to turn it off sometimes :-) >=20 > Anyway, Firewire isn't Ethernet. A rogue device connected to an SCSI=20 > port (or an USB port) could sniff traffic sent to other devices, isn't= =20 > it? It's a matter of how closely-coupled do you consider the interface;= =20 > an Ethernet is more loosely coupled than a Firewire. You assume than an= =20 > Ethernet may carry dangerous traffic, but, do you assume the same for a= =20 > SCSI, a USB or a Firewire port, I mean, the kind of interface you use=20 > for hard disks, etc? >=20 > BTW, provided that USB ports are connected in parallel... a rogue=20 > USB device could sniff a user's keyboard activity or even generate rogue= =20 > keyboard activity, isn't it? Firewire presents much more risk then most other busses because it provides direct access to the address space of the host machine. The means you can read or modify everything include kernel code and data. That said, this is really useful for debugging. -- Brooks --=20 Any statement of the form "X is the one, true Y" is FALSE. PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4 --KsGdsel6WgEHnImy Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQFBm7tBXY6L6fI4GtQRAq2DAKCvhlgmSBLM2gcA6jsOU5IwVB6wOgCg2YIz rECMAcCK9A6NfWDdWydgWhA= =7p9v -----END PGP SIGNATURE----- --KsGdsel6WgEHnImy--