At Sat, 13 Apr 2002 12:41:10 -0700 (PDT), Mikko Tyolajarvi wrote:
>
> In local.freebsd.hackers you write:
>
> >Quoted from 00README in
> >http://people.freebsd.org/~simokawa/firewire-20020412.tar.gz
>
> > As you know, IEEE1394 is a bus and OHCI supports physical access
> > to the host memory. This means that you can access the remote
> > host over firewire without software support at the remote host.
> > In other words, you can investigate remote host's physical memory
> > whether its OS is alive or crashed or hangs up.
>
> Umm... excuse a stupid question, but does this mean that a firewire
> port always gives unconditional access to the host's memory? Great
> for kernel debugging. Maybe not so great for a running system, from a
> security point of view (ok, physical access eventually equals full
> access, but plugging in a firewire cable is a heck of a lot faster
> than using a screwdriver...)

As Kobayashi-san said, it can be restricted and I suppose OHCI doesn't
allow physical access by default (after hardware reset).

Our driver allows it mostly for SBP-II. SBP devices read/write host
memory directly (DMA).

If you prefer security to performance, you could disallow physical
access and inspect all transactions. You could also allow it only to
SBP-II nodes and debugger nodes. (Node id could change after bus reset)

My recommendation is not to connect untrustworthy devices.

/\ Hidetoshi Shimokawa
\/ [EMAIL PROTECTED]
PGP public key: http://www.sat.t.u-tokyo.ac.jp/~simokawa/pgp.html
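
The per-node restriction suggested in the reply, and why it has to be recomputed after every bus reset, as an added example that is not part of the original messages or of the FreeBSD driver. The struct, function names and GUID values are constructed for illustration, and the one-bit-per-node mask layout and the choice to key trust on the device GUID are assumptions of this sketch.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* A node as seen after a bus reset: current node id plus its 64-bit GUID. */
struct fw_node { uint8_t node_id; uint64_t guid; };

/* Constructed sample data: these GUIDs are made up for this example. */
#define GUID_DISK   0x0001020304050607ULL  /* trusted SBP-II disk */
#define GUID_HOST   0x1011121314151617ULL  /* this host */
#define GUID_LAPTOP 0x2021222324252627ULL  /* unknown device plugged in later */
static const uint64_t ALLOW[] = { GUID_DISK };
static const struct fw_node BEFORE[] = { {0, GUID_DISK}, {1, GUID_HOST} };
static const struct fw_node AFTER[]  = { {0, GUID_LAPTOP}, {1, GUID_HOST},
                                         {2, GUID_DISK} };

/* Build the physical-access mask for the current topology.
 * Assumed layout: bit n set means node n may access host memory directly.
 * Node ids 0..62 are usable; 63 is the broadcast id and is never granted. */
uint64_t build_phys_filter(const struct fw_node *nodes, size_t n,
                           const uint64_t *allow, size_t n_allow)
{
    uint64_t mask = 0;
    for (size_t i = 0; i < n; i++) {
        if (nodes[i].node_id > 62)
            continue;
        for (size_t j = 0; j < n_allow; j++)
            if (nodes[i].guid == allow[j])
                mask |= 1ULL << nodes[i].node_id;
    }
    return mask;
}

/* Node ids that a stale pre-reset mask would still grant but the rebuilt
 * mask denies: these are the ids that changed hands during the reset. */
uint64_t stale_grants(uint64_t old_mask, uint64_t new_mask)
{
    return old_mask & ~new_mask;
}

int main(void)
{
    uint64_t before = build_phys_filter(BEFORE, 2, ALLOW, 1);
    uint64_t after  = build_phys_filter(AFTER, 3, ALLOW, 1);
    printf("before reset: %#llx\n", (unsigned long long)before);
    printf("after reset:  %#llx\n", (unsigned long long)after);
    printf("stale grants: %#llx\n", (unsigned long long)stale_grants(before, after));
    return 0;
}
```

In the sample topology the disk moves from node 0 to node 2 when the unknown device joins, so a mask kept from before the reset would grant direct memory access to the newcomer at node 0.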

