On 2023-08-18, whistlez <whistlez...@riseup.net> wrote:
>
> 2. There are multiple methods for RAM dumping, some of which cannot be
> circumvented and do not require specific software or interfaces. For
> example:
> a. Through a 'cold boot attack,' it's possible to dump RAM from an
> uncompromised operating system. (Reference:
> https://en.wikipedia.org/wiki/Cold_boot_attack)
> b. Through a DMA attack, leveraging FireWire or other hardware
> interfaces, it's possible to dump RAM. I believe that, in this case, as
> in the previous one, the kernel would be completely unaware. An example
> of this kind of attack and dump is "inception"
> (https://github.com/carmaa/inception).
> c. In a virtualized environment such as VMM, VirtualBox, VMware,
> etc. (we know OpenBSD can be virtualized), you can acquire RAM without
> the operating system knowing.
I think it would be better to concentrate on the above methods. They
don't rely on bypassing security measures in the OS (allowing /dev/mem
from userland means you turn some possible attacks from "must subvert
the kernel" to "must subvert root"), and sidestep the "can you trust the
kernel" problem.

--
Please keep replies on the mailing list.
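The hypervisor-side acquisition in point (c) above leaves you with a file rather than a running system to make sense of. As an added example that is not part of this thread (not the poster's or the reply author's code), the Python below walks an ELF64 core of the kind QEMU/libvirt (`virsh dump --memory-only --format elf`) and VirtualBox (`VBoxManage debugvm <vm> dumpvmcore --filename <file>`) write: each PT_LOAD program header maps a guest-physical range (p_paddr) onto a range of the file, so reading "guest RAM" is a translation of a physical address through that table. The image it runs on is constructed in `build_sample_core()`; the marker strings, addresses and the 8 KiB segment of which only 4 KiB is file-backed are made up for illustration and do not come from any real dump.

```python
"""Read guest-physical memory out of an ELF64 core written by a hypervisor.

Added example (not from the mailing-list thread).  The sample core built by
build_sample_core() is constructed for illustration only.
"""
import struct

ELF_MAGIC = b"\x7fELF"
ET_CORE = 4
PT_LOAD = 1
PT_NOTE = 4
EHDR_FMT = "<16sHHIQQQIHHHHHH"   # ELF64 header, 64 bytes, little-endian
PHDR_FMT = "<IIQQQQQQ"           # ELF64 program header, 56 bytes


def parse_load_segments(core):
    """Return [(paddr, file_offset, filesz, memsz)] for every PT_LOAD, by paddr."""
    if len(core) < struct.calcsize(EHDR_FMT):
        raise ValueError("file shorter than an ELF64 header")
    if core[:4] != ELF_MAGIC or core[4] != 2 or core[5] != 1:
        raise ValueError("not a little-endian ELF64 file")
    hdr = struct.unpack_from(EHDR_FMT, core, 0)
    e_type, e_phoff, e_phentsize, e_phnum = hdr[1], hdr[5], hdr[9], hdr[10]
    if e_type != ET_CORE:
        raise ValueError("not an ET_CORE image")
    if e_phentsize != struct.calcsize(PHDR_FMT):
        raise ValueError("unexpected program header size")
    segs = []
    for i in range(e_phnum):
        p_type, _flags, p_offset, _vaddr, p_paddr, p_filesz, p_memsz, _align = \
            struct.unpack_from(PHDR_FMT, core, e_phoff + i * e_phentsize)
        if p_type != PT_LOAD:
            continue            # PT_NOTE (register/CPU state) is not RAM
        if p_offset + p_filesz > len(core):
            raise ValueError("PT_LOAD runs past end of file: truncated dump")
        segs.append((p_paddr, p_offset, p_filesz, p_memsz))
    return sorted(segs)


def read_physical(core, segs, paddr, length):
    """Read `length` bytes at guest-physical `paddr`.

    Bytes inside a segment but past p_filesz were omitted by the dumper and
    read back as zero.  An address that no PT_LOAD covers (the PCI hole, or
    anything above the last RAM segment) is a gap, and the read returns None.
    """
    out = bytearray()
    cur, end = paddr, paddr + length
    while cur < end:
        for s_paddr, s_off, s_filesz, s_memsz in segs:
            if s_paddr <= cur < s_paddr + s_memsz:
                break
        else:
            return None
        n = min(end - cur, s_paddr + s_memsz - cur)
        inseg = cur - s_paddr
        filepart = max(0, min(n, s_filesz - inseg))
        out += core[s_off + inseg:s_off + inseg + filepart]
        out += b"\x00" * (n - filepart)
        cur += n
    return bytes(out)


def find_bytes(core, segs, needle):
    """Guest-physical addresses at which `needle` occurs in file-backed RAM."""
    hits = []
    for s_paddr, s_off, s_filesz, _memsz in segs:
        blob = core[s_off:s_off + s_filesz]
        pos = blob.find(needle)
        while pos != -1:
            hits.append(s_paddr + pos)
            pos = blob.find(needle, pos + 1)
    return hits


def build_sample_core():
    """Constructed ELF core: one PT_NOTE and two PT_LOAD segments (not real data)."""
    phnum, phoff = 3, struct.calcsize(EHDR_FMT)
    data_off = phoff + phnum * struct.calcsize(PHDR_FMT)      # 232
    note = b"CORE\x00\x00\x00\x00"                              # placeholder note bytes
    low = bytearray(0x1000)                                     # RAM at paddr 0
    low[0:8] = b"BIOSDATA"
    high = bytearray(0x1000)                                    # RAM at paddr 0x100000,
    high[0x200:0x20b] = b"SECRET-KEY!"                          # 8 KiB memsz, 4 KiB in file
    ident = ELF_MAGIC + bytes([2, 1, 1, 0]) + b"\x00" * 8
    ehdr = struct.pack(EHDR_FMT, ident, ET_CORE, 62, 1, 0, phoff, 0, 0,
                       phoff, struct.calcsize(PHDR_FMT), phnum, 0, 0, 0)
    low_off = data_off + len(note)
    high_off = low_off + len(low)
    phdrs = (struct.pack(PHDR_FMT, PT_NOTE, 0, data_off, 0, 0, len(note), 0, 0)
             + struct.pack(PHDR_FMT, PT_LOAD, 7, low_off, 0, 0, 0x1000, 0x1000, 0x1000)
             + struct.pack(PHDR_FMT, PT_LOAD, 7, high_off, 0, 0x100000, 0x1000, 0x2000, 0x1000))
    return ehdr + phdrs + note + bytes(low) + bytes(high)


if __name__ == "__main__":
    core = build_sample_core()
    segs = parse_load_segments(core)
    for paddr, off, filesz, memsz in segs:
        print(f"paddr {paddr:#010x}  file@{off:#x}  filesz {filesz:#x}  memsz {memsz:#x}")
    print("marker at", [hex(a) for a in find_bytes(core, segs, b"SECRET-KEY!")])
```

Two details matter in practice. A dumper may write a segment with memsz larger than filesz (trailing zero pages elided), so a translator that indexes the file by `paddr - p_paddr + p_offset` alone will read neighbouring data for those addresses; the reader above zero-fills instead. And RAM is not contiguous: the region between the two segments here stands in for the hole below 4 GiB that real guests have, and a read that touches it comes back as None rather than as silently wrong bytes. Nothing here requires any code to run inside the guest, which is exactly why the reply above prefers these acquisition paths over /dev/mem.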