Re: Excellent job on the firewire support!

From: Brooks Davis <brooks_at_one-eyed-alien.net>
Date: Fri, 23 Jul 2004 09:48:09 -0700

On Fri, Jul 23, 2004 at 05:52:41PM +0300, Maxim Sobolev wrote:
> Doug Rabson wrote:
> 
> >On Wed, 2004-07-21 at 15:41, Andrew Gallatin wrote:
> >
> >>Doug Rabson writes:
> >>> Actually that's the only downside of dcons. It doesn't cut in until the 
> >>> firewire controller attaches. It relies on the fact that the fwohci 
> >>> driver allows access to physical memory from any node on the bus 
> >>> (implemented in hardware so you can examine the memory of a hung 
> >>> machine). The dconschat program uses this feature to access the dcons 
> >>> ring buffers in the target machine.
> >>
> >>Does remote access to physical memory require dcons to be loaded
> >>on the target?
> >
> >
> >No. The remote access to physical memory is a hardware-implemented
> >feature of the firewire ohci hardware. It's enabled in fwohci_attach().
> >In the long term, I would like to restrict this a bit but right now all
> >you have to have is fwohci loaded on the target machine.
> 
> It would be nice to have some sysctl with which to disable such access, since 
> it is a BAD THING[tm] from the security POV.

In high security environments, they use a tube of epoxy. ;-)

-- Brooks

-- 
Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529  9BF0 5D8E 8BE9 F238 1AD4

Received on Fri Jul 23 2004 - 14:48:11 UTC
