Date: Tue, 16 Nov 2004 17:40:37 -0800
From: Bruce M Simpson
To: Maximillian Dornseif
Cc: freebsd-security@freebsd.org, freebsd-firewire@freebsd.org
Subject: Re: FireWire Security issues
Message-ID: <20041117014037.GP1468@empiric.icir.org>
List-Id: Firewire support in FreeBSD

On Tue, Nov 16, 2004 at 09:30:09PM +0100, Maximillian Dornseif wrote:
> looking into the issue described in the advisory below I wonder how to
> tackle this issues. Primarily
> I ask myself
>
> * is there any reason not to filter all physical memory access by default
> * what would be the appropriate way to change the filter set? a sysctl?

This is totally not news, this has been discussed in various circles for
the past 5 years, though it's nice to see someone presenting an old attack
in a new way.

You can only filter the accesses by implementing filter logic in the PCI
bridge to main memory to deny the accesses, or the PCI bus arbiter, or
failing that, the FireWire to PCI host controller itself.

The CPU and operating system are not able to intervene here in any way.

Regards,
BMS