Bugtraq mailing list archives
Re: [Full-disclosure] Firewire Attack on Windows Vista
From: Tim <tim-security () sentinelchicken org>
Date: Thu, 6 Mar 2008 14:30:22 -0800
Hi Glenn,
It should be realized though that fixing this is not necessarily a simple thing, nor are architectural considerations missing.
I most probably understated the difficulty of implementing a safe ieee1394 DMA driver earlier. However, it's one of those things where the drivers ought to at least default to a safe configuration and allow those who like operating in the "wild west" for the purposes of speed to do so.
As for what can be done by Windows (as opposed to "any OS"), that is perhaps limited by the great range of underlying hardware. A compromise which might allow DMA to/from disks, tapes, or CDs but disallow it for most other peripherals might turn out to be the best general solution available, or something comparably ugly.
In the specific case of FireWire, Windows already does this, but that is exactly how the restrictions were bypassed. You can't trust a disk device any more than any other device, since a laptop can simply emulate a storage device. cheers, tim
Current thread:
- RE: [Full-disclosure] Firewire Attack on Windows Vista Glenn.Everhart (Mar 07)
- Re: [Full-disclosure] Firewire Attack on Windows Vista Tim (Mar 07)