Date:      Wed, 26 Mar 2008 14:23:32 +1100
From:      Norberto Meijome <freebsd@meijome.net>
To:        freebsd-security@freebsd.org
Subject:   Re: Firewire vulnerability applicable on FreeBSD?
Message-ID:  <20080326142332.79f6cb20@meijome.net>
In-Reply-To: <47d0403c0803222303t6274bd75la707f4232d44db8d@mail.gmail.com>
References:  <20080322181209.GJ66530@obiwan.tataz.chchile.org> <47d0403c0803222303t6274bd75la707f4232d44db8d@mail.gmail.com>

On Sun, 23 Mar 2008 02:03:40 -0400
"Ben Kaduk" <minimarmot@gmail.com> wrote:

> Hi Jeremie,
> 
> On 3/22/08, Jeremie Le Hen <jeremie@le-hen.org> wrote:
> > Hi there,
> >
> >  I've stumbled on this article.  I wonder if this is applicable to
> >  FreeBSD.  Would it still be possible to exploit it without a firewire
> >  driver?
> >
> >  http://www.dailytech.com/Lock+Your+Workstations+Or+Not+New+Tool+Bypasses+Windows+Logon/article10972.htm
> >
> 
> ``That's not a bug, it's a feature''.
> 
> That is, the firewire spec requires that it has full read/write access to all
> physical memory, in the same way that the PCI bus has full read/write
> access to physical memory.
> 
> Thus, with direct access to a firewire port, a malicious person can
> grub around kernel memory and frob whatever they want (yet
> another reason why physical security is important).
> 
[...]
> 
> Basically, once an attacker has physical access to your machine,
> you've lost; this is just one possible route that such an attacker
> could take.

Indeed. When Adam B. presented this @ RuxCon 06 (Sydney, AU), he said, IIRC,
that he had communicated with MS, but they had (probably rightly) told him it
wasn't really a security hole, as once you had physical access all bets were
off.
The easiest way around this is to simply NOT build firewire into your kernel,
but load it as you need it. It won't prevent all attacks but it will reduce
your exposure (assuming, of course, that you never leave your computer alone,
running or without boot / disk password and bolted into place.... :D ).

It was quite impressive though, to see the guy take over some dude's windog
laptop (from the audience) in 30 seconds. He's always good fun to watch :P

B
_________________________
{Beto|Norberto|Numard} Meijome

"I was born not knowing and have had only a little time to change that here and
there." Richard Feynman

I speak for myself, not my employer. Contents may be hot. Slippery when wet.
Reading disclaimers makes you go blind. Writing them is worse. You have been
Warned.
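The mitigation Norberto describes (leave the FireWire stack out of the kernel and kldload it only when needed) can be scripted. The following is an added example, not part of the original thread or of FreeBSD itself: a POSIX sh script with two helpers, one that derives a kernel config with the FireWire device lines removed, and one that audits kldstat-style output for FireWire modules someone has loaded. The device and module names (firewire, sbp, fwe, fwip) are those shipped in the GENERIC kernel of that era; the sample config, sample kldstat text and the /usr/src paths in the usage comment are constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the original thread. Derives a kernel config with the
# FireWire stack left out and audits kldstat output for loaded FireWire modules.
# Device/module names are the GENERIC ones; the sample inputs are constructed.

# Constructed sample: the FireWire-related part of a GENERIC-style config.
SAMPLE_CONF='ident           GENERIC
device          pci
# FireWire support
device          firewire        # FireWire bus code
device          sbp             # SCSI over FireWire (Requires scbus and da)
device          fwe             # Ethernet over FireWire (non-standard!)
device          fwip            # IP over FireWire (RFC 2734,3146)
device          usb
'

# strip_firewire: read a kernel config on stdin and write it back without any
# FireWire device line, so the stack is only reachable via an explicit kldload.
strip_firewire() {
    grep -Ev '^[[:space:]]*device[[:space:]]+(firewire|sbp|fwe|fwip)([[:space:]]|$)'
}

# Constructed sample kldstat output from a host where the driver was loaded.
SAMPLE_KLDSTAT='Id Refs Address    Size     Name
 1    5 0xc0400000 9a1b2c   kernel
 2    1 0xc1234000 2a000    firewire.ko
 3    1 0xc1300000 8000     sbp.ko
'

# loaded_firewire_modules: read kldstat output on stdin, print the name of
# every FireWire-related module currently loaded (nothing if none is).
loaded_firewire_modules() {
    awk 'NR > 1 && $NF ~ /^(firewire|sbp|fwe|fwip)\.ko$/ { print $NF }'
}

# Usage on a live FreeBSD host (paths are assumptions):
#   strip_firewire < /usr/src/sys/i386/conf/GENERIC > /usr/src/sys/i386/conf/NOFW
#   kldstat | loaded_firewire_modules
# When the port is actually needed:  kldload firewire ; ... ; kldunload firewire

printf '%s' "$SAMPLE_CONF" | strip_firewire
printf '%s' "$SAMPLE_KLDSTAT" | loaded_firewire_modules
```

Running the audit helper from cron and alerting on non-empty output catches the case where the module was loaded "as you need it" and then forgotten, which is exactly the window the mitigation is meant to close.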
