DMA for firewire opens security hole
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
linux (Ubuntu) | Won't Fix | Medium | Colin Ian King | |
Hardy | Invalid | Undecided | Unassigned | |

Bug Description
As Adam Boileau and others pointed out, Firewire has direct memory access without any participation of the OS.
Using some nice tools he provides on his website http://
There's a very easy solution to this: ohci1394 should be loaded with option "phys_dam=0" by default - maybe this slows down Firewire access a little, but the computer can't be forged anymore!
At least Gutsy doesn't do this as far as I can tell (my laptop didn't have the option set, according to modconf - now it has...)
Changed in linux:
assignee: nobody → ubuntu-kernel-team
importance: Undecided → Medium
status: New → Triaged
Oops, sorry - just discovered a typo:
It should read "phys_dma=0"
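
An added example (not part of the original report and not Ubuntu's own tooling): a shell check for whether the ohci1394 option discussed in this report is actually configured. The function names, the output words and the sysfs path are assumptions of this example; the check matches only the exact parameter name, so a misspelled option is reported as unset.

```shell
#!/bin/sh
# Constructed audit helper for the ohci1394 phys_dma option.
# Function names and output words are this example's own.

# Print every phys_dma value set for ohci1394 in a modprobe config directory.
configured_phys_dma() {
    conf_dir="${1:-/etc/modprobe.d}"
    for f in "$conf_dir"/*; do
        [ -f "$f" ] || continue
        awk '
            /^[ \t]*#/ { next }   # skip comment lines
            $1 == "options" && $2 == "ohci1394" {
                for (i = 3; i <= NF; i++) {
                    n = split($i, kv, "=")
                    if (n == 2 && kv[1] == "phys_dma") print kv[2]
                }
            }' "$f"
    done
}

# Classify the configuration as: disabled | enabled | unset.
# Conservative: any non-zero value in any file counts as "enabled".
# Exit status is 0 only for "disabled".
audit_phys_dma() {
    values=$(configured_phys_dma "$1")
    if [ -z "$values" ]; then
        echo unset
        return 1
    fi
    for v in $values; do
        if [ "$v" != "0" ]; then
            echo enabled
            return 1
        fi
    done
    echo disabled
}

# Value the loaded module is running with, if it exports the parameter.
# Assumption: the standard /sys/module/<module>/parameters/<name> layout.
runtime_phys_dma() {
    p="${1:-/sys/module}/ohci1394/parameters/phys_dma"
    [ -r "$p" ] && cat "$p"
}
```

Run `audit_phys_dma` with no argument to check `/etc/modprobe.d`, and compare the result with `runtime_phys_dma`, since a changed option only takes effect once the module is reloaded.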