Subject: Re: i386 + aperture + 1.6Q
To: Greywolf <email@example.com>
From: Pavel Cahyna <firstname.lastname@example.org>
Date: 03/28/2003 20:41:35
> Thus spake Perry E. Metzger ("PEM> ") sometime Today...
> PEM> Consider, for example, that all such cards have DMA controllers on
> PEM> board -- DMA controllers which can be programmed to move bits into and
> PEM> out of arbitrary portions of memory.
> Oh, icky. I was completely unaware of this! Thank you for the edification.
Me too, it's a good point, but since there are heaps of ISA cards
which AFAIK never have DMA capabilities, it is not always true. You wan't
put a super-modern nVidia card in a secure server.
(Maybe you will not even run X11 on a secure server, but that's another
Also, securelevel will make at least the attack harder and you may be
able to disgust many scripts kiddies that are unaware of possibilities
bring by modern VGA cards.
Also, what about DRI? Doesn't it allow the access to the DMA controller
even for non-root users?
And what about Microsoft's DirectX? :-)