Subject: Re: i386 + aperture + 1.6Q
To: Pavel Cahyna <pavel.cahyna@st.mff.cuni.cz>
From: Perry E. Metzger <perry@piermont.com>
List: current-users
Date: 03/28/2003 15:24:28
Pavel Cahyna <pcah8322@artax.karlin.mff.cuni.cz> writes:
> > No. All video cards newer than, say, eight years ago have features
> > that prevent any such attempt from possibly working.
> > 
> > Consider, for example, that all such cards have DMA controllers on
> > board -- DMA controllers which can be programmed to move bits into and
> > out of arbitrary portions of memory.
> 
> Consider a daemon which runs in a chroot jail. The files and directories 
> in the jail are made immutable. Say that the daemon is exploited and the
> attacker gains root privileges. How will he program the DMA controller
> of the video card if there is no /dev/xf86 in the chroot jail? But if
> you compile the kernel with option INSECURE, he will be able to unset
> the immutable flag on directories and make any device node he wants.

He can't touch any directory he wants, because he's in a chroot jail. :)


-- 
Perry E. Metzger		perry@piermont.com
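A defender-side check for the point argued in this exchange (does the jail contain any device node, such as the aperture device /dev/xf86, through which a compromised daemon could reach the video card, and are the jail's directories actually immutable). This is an added example, not code from this thread or from NetBSD; it assumes the jail root is passed as a path and uses a constructed sample tree for the demonstration. The immutable check reads the BSD st_flags field, so on systems without it (e.g. Linux) every directory is reported as mutable, which is the conservative answer.

```python
import os
import stat
import tempfile

# Immutable-flag bits as BSD systems expose them in st_flags. Python's stat module
# defines the constants everywhere, but st_flags itself only exists on BSD-derived
# platforms; elsewhere getattr() below falls back to 0 (no flag set).
IMMUTABLE_BITS = getattr(stat, "SF_IMMUTABLE", 0) | getattr(stat, "UF_IMMUTABLE", 0)


def is_device_mode(mode):
    """True for character or block special files: the only file types that hand
    a process a driver interface (e.g. the aperture device) from inside a jail."""
    return stat.S_ISCHR(mode) or stat.S_ISBLK(mode)


def is_immutable(st):
    """True if the BSD immutable flag is set on this inode.  Always False where
    st_flags does not exist, since the protection cannot be present there."""
    return bool(getattr(st, "st_flags", 0) & IMMUTABLE_BITS)


def audit_jail(root):
    """Walk the jail root without following symlinks.  Report every device node
    found, and every directory that is not immutable (a place where a new node
    could be created once the securelevel permits unsetting the flag)."""
    device_nodes = []
    mutable_dirs = []
    for dirpath, _dirnames, filenames in os.walk(root):
        if not is_immutable(os.lstat(dirpath)):
            mutable_dirs.append(dirpath)
        for name in filenames:  # os.walk lists device nodes among the filenames
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # entry vanished underneath us; nothing to report
            if is_device_mode(st.st_mode):
                device_nodes.append(path)
    return {"device_nodes": sorted(device_nodes), "mutable_dirs": sorted(mutable_dirs)}


def build_sample_jail():
    """Constructed sample jail: one config file and one FIFO, no device nodes.
    Real jails would be audited by passing their root to audit_jail() instead."""
    root = tempfile.mkdtemp(prefix="jail-")
    os.makedirs(os.path.join(root, "etc"))
    with open(os.path.join(root, "etc", "daemon.conf"), "w") as fh:
        fh.write("# constructed sample config\n")
    os.mkfifo(os.path.join(root, "daemon.sock"))  # FIFO: not a device, must not be flagged
    return root


if __name__ == "__main__":
    report = audit_jail(build_sample_jail())
    print("device nodes inside jail:", report["device_nodes"] or "none")
    print("directories without immutable flag:", len(report["mutable_dirs"]))
```

A clean result is an empty device-node list together with an empty mutable-directory list; on a NetBSD host the second list only empties once the jail's directories carry the system immutable flag and the securelevel prevents clearing it, which is exactly the condition the thread turns on.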