I've been reading about the effectiveness of attacks from devices with DMA access such as Firewire mass storage devices. http://www.eweek.com/c/a/Security/Firewire-The-Skeleton-Keyhole-Into-Your-System/?kc=EWKNLSTE031108FEA1
The article states that this affects Mac, Windows, and Linux machines with FW ports, because the device that is granted DMA access through the FW interface is given read/write access to all memory. It can then apparently determine the OS type and start doing things to memory, outside of the control of the CPU and therefore of the kernel. This includes reading encryption keys, writing to executable memory, etc.

The very flexibility of Firewire to hook up different machines, with different operating systems, and have one see the other as a mass storage device appears to be one source of the risk.

Does anything in the hardened toolchain, kernel with grsec, etc., protect against this?

Chris Buxton
Professional Services
Men & Mice
