[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Full-disclosure] Firewire Attack on Windows Vista
Certainly in VMS there is DMA opened up, but only to buffers that are known
and checked to be legal for such. This is a source of considerable complexity
in the drivers, and depending on hardware architecture (number of control registers
available, for example, to control DMA channels) limits both number of concurrent
operations and size of some operations. For example, the max size of magtape
records is limited, in part to conserve such bandwidth for use with disks.
If driver writers adopt a "wild-west" approach where the DMA space is left wide
open, obviously the security of anything within memory is totally open to
whatever a smart peripheral may do.
It should be realized though that fixing this is not necessarily a simple
thing, nor are architectural considerations missing. But with the advent of
more and more smart "peripherals" (at least some of which are commonly user
programmable), open DMA access amounts to peek/poke control over all of memory
and the abdication by the OS involved of any pretense of security whatever.
As for what can be done by Windows (as opposed to "any OS"), that is perhaps
limited by the great range of underlying hardware. A compromise which might allow
DMA to/from disks, tapes, or CDs but disallow it for most other peripherals
might turn out to be the best general solution available, or something
[mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxxx]On Behalf Of Larry
Sent: Thursday, March 06, 2008 3:36 PM
Cc: Full Disclosure; Bugtraq
Subject: Re: [Full-disclosure] Firewire Attack on Windows Vista
>>No, the iPod device signature makes Windows drivers think it should
allow DMA access for that device because it detect it as a disk device.
>>Other disk device signatures would likely work the same way, that's
just the one he happened to emulate.
Is it not possible for Windows (or any OS) to open up DMA for a device
only to a certain range?
If not, what options are available?
eWEEK.com Security Center Editor
Contributing Editor, PC Magazine
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
This transmission may contain information that is privileged,
confidential, legally privileged, and/or exempt from disclosure
under applicable law. If you are not the intended recipient, you
are hereby notified that any disclosure, copying, distribution, or
use of the information contained herein (including any reliance
thereon) is STRICTLY PROHIBITED. Although this transmission and
any attachments are believed to be free of any virus or other
defect that might affect any computer system into which it is
received and opened, it is the responsibility of the recipient to
ensure that it is virus free and no responsibility is accepted by
JPMorgan Chase & Co., its subsidiaries and affiliates, as
applicable, for any loss or damage arising in any way from its use.
If you received this transmission in error, please immediately
contact the sender and destroy the material in its entirety,
whether in electronic or hard copy format. Thank you.