Re: Wiretapping Linux?

From: Jan Engelhardt
Date: Wed May 17 2006 - 14:46:36 EST


>> > A pci device can read system RAM and other memory-mapped PCI devices
>> > (such as display framebuffers) using DMA. In addition, a pci (but not
>> > pci-express) device can snoop on pci bus traffic to other devices.
>> > Typically, however, hard drive controllers will be integrated into the
>> > chipset so the data is not on the bus.
>>
>> Thanks for providing this information. This makes the binary firmware
>> required for peripherals even more interesting for security conscious
>> people.
>
> Note that some machines have IOMMUs so it may be possible to prevent a device
> from reading main memory, perhaps at a performance cost.
>
> My AMD machine disables the IOMMU on startup.
>
> If you don't trust your hardware there are only two solutions: keep it off the
> net or keep it off.

It gets even more complex with remote management solutions, ranging from
simple PCI boards that can reset the machine to fully-integrated [like
Sun's RSC] processors that can poke anything.


Jan Engelhardt
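A defender's check for the IOMMU point raised above, added here as an example and not taken from the thread: it reports whether the running kernel has an IOMMU active and which PCI devices fall outside any IOMMU group. It assumes a modern Linux kernel that exposes /sys/kernel/iommu_groups (the 2006 kernels under discussion did not); the optional root-prefix argument is a hypothetical convenience so the functions can be run against a constructed sysfs tree.

```sh
# Report IOMMU state from sysfs and /proc/cmdline (added example, not from the thread).
# Assumes a modern kernel exposing /sys/kernel/iommu_groups/<n>/devices/<bdf>.
# Every function takes an optional root prefix so it can be pointed at a test tree.

# Number of IOMMU groups the kernel created (0 = no IOMMU in use).
iommu_group_count() {
    root=${1:-}
    n=0
    for g in "$root"/sys/kernel/iommu_groups/*/; do
        [ -d "$g" ] && n=$((n + 1))
    done
    echo "$n"
}

# PCI devices (domain:bus:dev.fn) that belong to no IOMMU group, i.e. devices
# whose DMA the IOMMU does not mediate. Prints one address per line.
pci_devices_without_group() {
    root=${1:-}
    for d in "$root"/sys/bus/pci/devices/*; do
        [ -e "$d" ] || continue
        bdf=$(basename "$d")
        # A covered device shows up as a link under some group's devices/ directory.
        if [ -z "$(ls -d "$root"/sys/kernel/iommu_groups/*/devices/"$bdf" 2>/dev/null)" ]; then
            echo "$bdf"
        fi
    done
}

# IOMMU-related kernel command-line options (intel_iommu=, amd_iommu=, iommu=), space separated.
iommu_cmdline_opts() {
    root=${1:-}
    [ -r "$root"/proc/cmdline ] || return 0
    tr ' ' '\n' < "$root"/proc/cmdline | grep -E '^(intel_iommu|amd_iommu|iommu)=' | paste -sd ' ' -
}

# Human-readable summary, as run on a live machine.
iommu_report() {
    root=${1:-}
    groups=$(iommu_group_count "$root")
    if [ "$groups" -eq 0 ]; then
        echo "IOMMU: not active (no iommu_groups); any DMA-capable device can read all RAM"
    else
        echo "IOMMU: active, $groups group(s)"
        pci_devices_without_group "$root" | sed 's/^/  device outside any group: /'
    fi
    echo "cmdline IOMMU options: $(iommu_cmdline_opts "$root")"
}

iommu_report ""
```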