Tony Abernethy <t...@servasoftware.com> wrote:

> > Somewhat embarrassingly, OpenBSD has never had a working Firewire
> > implementation.
> 
> As I understand it, only the malware writers are embarrassed.

The fanboys here need to understand that OpenBSD does have actual
deficiencies, and trying to rationalize them away as conscious
"security" decisions is just stupid.

The reason OpenBSD doesn't have Firewire support is that the three
or so attempts by developers to implement it have all petered out
without result.

> Any time all of system memory is open to Read/Write access by
> hardware (with the assist of local BIOSes etc), ...

This can be disabled with the flip of a bit.  (On FreeBSD, set
hw.firewire.phydma_enable=0 in the boot loader.)  If you are worried
about a remaining attack window, then OpenBSD's lack of support
does nothing to fix it.

Firewire's memory access can also be used to implement remote kernel
debugging.  Every general hackathon, one developer or the other can
be overheard wishing for such a facility.

-- 
Christian "naddy" Weisgerber                          na...@mips.inka.de
