Subject: Re: i386 + aperture + 1.6Q
To: Perry E. Metzger <email@example.com>
From: Pavel Cahyna <firstname.lastname@example.org>
Date: 03/28/2003 20:34:57
> No. All video cards newer than, say, eight years ago have features
> that prevent any such attempt from possibly working.
> Consider, for example, that all such cards have DMA controllers on
> board -- DMA controllers which can be programmed to move bits into and
> out of arbitrary portions of memory.
Consider a daemon which runs in a chroot jail. The files and directories
in the jail are made immutable. Say that the daemon is exploited and the
attacker gains root privileges. How will he program the DMA controller
of the video card if there is no /dev/xf86 in the chroot jail? But if
you compile the kernel with option INSECURE, he will be able to unset
the immutable flag on directories and make any device node he wants.
So in this case, I believe that securelevel combined with the aperture
driver is a win.
The point is that the aperture driver opens some possible risks, but
option INSECURE opens much more.
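The argument above rests on two properties of the jail that are easy to let slip over time: that no device node exists under the jail root, and that the jail's directories carry the system-immutable (schg) flag so a root-level attacker cannot create one. The following audit script is an added example, not code from this thread or from NetBSD; the function names `classify` and `audit_jail` are my own, and it assumes a BSD-style `st_flags` field in the stat result for the immutability check (the fallback bit value for `SF_IMMUTABLE` is the standard BSD definition). On a system without `st_flags`, only the device-node check says anything useful, which is why the flag check can be switched off.

```python
"""Audit a chroot jail for the two properties the securelevel argument
relies on: no device nodes inside the jail, and every directory marked
system-immutable (schg) so that root inside the jail cannot mknod.

Added example, not part of the original mailing-list thread.
"""
import os
import stat
import sys

# BSD system-immutable flag ("schg"). Python's stat module exposes it on
# BSD platforms; the fallback is the value from BSD <sys/stat.h>.
SF_IMMUTABLE = getattr(stat, "SF_IMMUTABLE", 0x00020000)


def classify(mode, flags=0, check_flags=True):
    """Classify one inode by its st_mode and BSD st_flags.

    Returns a list of finding strings; an empty list means the inode is
    acceptable under the jail policy described in the thread.
    """
    findings = []
    # A character or block device inside the jail is exactly the foothold
    # the thread is worried about (e.g. an aperture device node).
    if stat.S_ISCHR(mode) or stat.S_ISBLK(mode):
        findings.append("device node")
    # A directory without schg lets root in the jail create new nodes.
    # Assumption: the caller passes a BSD st_flags value in `flags`.
    if check_flags and stat.S_ISDIR(mode) and not (flags & SF_IMMUTABLE):
        findings.append("directory lacks schg")
    return findings


def audit_jail(root, check_flags=True):
    """Walk `root` without following symlinks and report problem inodes.

    Returns a dict mapping each offending path to its list of findings.
    """
    problems = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        entries = [dirpath] + [os.path.join(dirpath, f) for f in filenames]
        for path in entries:
            st = os.lstat(path)
            # st_flags exists only on BSD-style systems; treat absence as 0.
            flags = getattr(st, "st_flags", 0)
            found = classify(st.st_mode, flags, check_flags)
            if found:
                problems[path] = found
    return problems


if __name__ == "__main__":
    jail = sys.argv[1] if len(sys.argv) > 1 else "."
    report = audit_jail(jail)
    for path, findings in sorted(report.items()):
        print("%s: %s" % (path, ", ".join(findings)))
    sys.exit(1 if report else 0)
```

Run it against the jail root as the same user that sets up the jail; a non-zero exit means either a device node was found or some directory could still be modified by a root process inside the jail. Note that the schg check only has teeth when kern.securelevel is at least 1, which is the point of the message: with option INSECURE the flag can simply be cleared.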