DMA for firewire opens security hole

Bug #200109 reported by Friedemann Schorer
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| linux (Ubuntu) | Won't Fix | Medium | Colin Ian King | |
| Hardy | Invalid | Undecided | Unassigned | |

Bug Description

As Adam Boileau and others pointed out, Firewire has direct memory access without any participation of the OS.
Using some nice tools he provides on his website http://storm.net.nz/projects/16 one can access the whole memory of a target computer as soon as one has physical access - no reboot needed! Some explanations on backgrounds and how to do it can be found in a PDF containing the slides of his talk at RuxCon 2006: http://storm.net.nz/static/files/ab_firewire_rux2k6-final.pdf

There's a very easy solution to this: ohci1394 should be loaded with option "phys_dam=0" by default - maybe this slows down Firewire access a little, but the computer can't be forged anymore!

At least Gutsy doesn't do this as far as I can tell (my laptop didn't have the option set, according to modconf - now it has...)

Tags: cft-2.6.27
Friedemann Schorer (friedemann-schorer) wrote :

Oops, sorry - just discovered a typo:

It should read "phys_dma=0"

Changed in linux:
assignee: nobody → ubuntu-kernel-team
importance: Undecided → Medium
status: New → Triaged
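
Added example, not part of the bug report or of any Ubuntu tooling: a shell check for whether the "phys_dma=0" option proposed above is actually configured for ohci1394, showing that the misspelled "phys_dam=0" does not count. It assumes module options are kept in files under /etc/modprobe.d; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the bug report. Assumption: module options are
# kept in files under /etc/modprobe.d (pass another directory as $1).

# Print "phys_dma=<N>" for the last "options ohci1394 ... phys_dma=<N>" line
# found in the directory, or "unset" if no such option exists.
# Simplification: files are read in glob order and the last value seen wins.
ohci1394_phys_dma_setting() {
    dir=${1:-/etc/modprobe.d}
    result=unset
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # "|| [ -n "$kw" ]" keeps a final line that lacks a trailing newline.
        while read -r kw mod rest || [ -n "$kw" ]; do
            [ "$kw" = options ] && [ "$mod" = ohci1394 ] || continue
            for opt in $rest; do
                case $opt in phys_dma=*) result=$opt ;; esac
            done
        done < "$f"
    done
    printf '%s\n' "$result"
}

# Exit status 0 only when physical DMA is explicitly disabled.
ohci1394_phys_dma_disabled() {
    [ "$(ohci1394_phys_dma_setting "$1")" = "phys_dma=0" ]
}

# Constructed sample: the misspelled option from the report next to the
# corrected one, each in its own temporary directory.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/typo" "$tmp/fixed"
    echo 'options ohci1394 phys_dam=0' > "$tmp/typo/ohci1394"
    printf '# disable physical DMA\noptions ohci1394 phys_dma=0' > "$tmp/fixed/ohci1394"
    echo "typo:  $(ohci1394_phys_dma_setting "$tmp/typo")"
    echo "fixed: $(ohci1394_phys_dma_setting "$tmp/fixed")"
    rm -rf "$tmp"
}
demo
```
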
Leann Ogasawara (leannogasawara) wrote :

The Ubuntu Kernel Team is planning to move to the 2.6.27 kernel for the upcoming Intrepid Ibex 8.10 release. As a result, the kernel team would appreciate it if you could please test this newer 2.6.27 Ubuntu kernel. There are two ways you should be able to test:

1) If you are comfortable installing packages on your own, the linux-image-2.6.27-* package is currently available for you to install and test.

--or--

2) The upcoming Alpha5 for Intrepid Ibex 8.10 will contain this newer 2.6.27 Ubuntu kernel. Alpha5 is set to be released Thursday Sept 4. Please watch http://www.ubuntu.com/testing for Alpha5 to be announced. You should then be able to test via a LiveCD.

Please let us know immediately if this newer 2.6.27 kernel resolves the bug reported here or if the issue remains. More importantly, please open a new bug report for each new bug/regression introduced by the 2.6.27 kernel and tag the bug report with 'linux-2.6.27'. Also, please specifically note if the issue does or does not appear in the 2.6.26 kernel. Thanks again, we really appreciate your help and feedback.

Colin Ian King (colin-king) wrote :

Marking as "Won't Fix". Turning off DMA will reduce performance for the majority of users and we deem the security issue as low.

Changed in linux:
assignee: ubuntu-kernel-team → colin-king
milestone: none → ubuntu-8.10
status: Triaged → Won't Fix
Michael Nagel (nailor) wrote :

closing the milestone, too

Changed in linux:
status: New → Invalid
Jacob Appelbaum (jacob-appelbaum) wrote :

I've opened a new bug that is related as the situation has changed:
https://bugs.launchpad.net/ubuntu/+bug/879087

This report contains Public Security information  
Everyone can see this security related information.
