Subject: Re: i386 + aperture + 1.6Q
To: Pavel Cahyna <pavel.cahyna@st.ms.mff.cuni.cz>
From: Eric Anholt <eta@lclark.edu>
List: current-users
Date: 03/28/2003 19:00:02

On Fri, 2003-03-28 at 11:41, Pavel Cahyna wrote:
> > Thus spake Perry E. Metzger ("PEM> ") sometime Today...
> > 
> > PEM> Consider, for example, that all such cards have DMA controllers on
> > PEM> board -- DMA controllers which can be programmed to move bits into and
> > PEM> out of arbitrary portions of memory.
> > 
> > Oh, icky.  I was completely unaware of this!  Thank you for the edification.
> 
> Me too, it's a good point, but since there are heaps of ISA cards 
> which AFAIK never have DMA capabilities, it is not always true. You won't
> put a super-modern nVidia card in a secure server.
> 
> (Maybe you will not even run X11 on a secure server, but that's another
> story).
> 
> Also, securelevel will make at least the attack harder and you may be
> able to disgust many script kiddies that are unaware of possibilities
> brought by modern VGA cards.
> 
> Also, what about DRI? Doesn't it allow the access to the DMA controller
> even for non-root users?

Basically, a program using the DRI creates buffers of commands to be
executed, then does an ioctl on the DRM device.  The DRM then checks
that buffer if necessary and dispatches it to the card.  This system
should prevent users (with DRI privileges) from accessing arbitrary
memory with the DMA capabilities of the card.  It doesn't prevent them
from hanging the system, which the developers have decided is basically
impossible to do.

-- 
Eric Anholt                                eta@lclark.edu          
http://people.freebsd.org/~anholt/         anholt@FreeBSD.org
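
The kind of check described in the message above, sketched as an added example (not code from the post or from the DRI/DRM project): a verifier walks a submitted command buffer and refuses to dispatch it if any DMA packet names memory outside the client's window. The packet layout, opcodes and all names here are hypothetical, made up for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical packet format (constructed for this example, not a real card's):
 * word 0 = opcode << 16 | payload word count.
 * OP_DMA_COPY payload = { src, dst, len } in bytes; OP_DRAW payload is opaque. */
enum { OP_NOP = 0, OP_DRAW = 1, OP_DMA_COPY = 2 };

/* Memory range this client is allowed to make the card touch. */
struct client_window { uint32_t base, size; };

/* Overflow-safe test that [addr, addr + len) lies inside the window. */
static int range_ok(const struct client_window *w, uint32_t addr, uint32_t len)
{
    return addr >= w->base && len <= w->size && addr - w->base <= w->size - len;
}

/* Assumes buf is a kernel-owned copy, so the client cannot edit it after the check.
 * Returns 0 if every packet is safe to dispatch, -1 otherwise. */
int verify_cmdbuf(const uint32_t *buf, size_t nwords, const struct client_window *w)
{
    size_t i = 0;
    while (i < nwords) {
        uint32_t op = buf[i] >> 16, cnt = buf[i] & 0xffff;
        const uint32_t *p = &buf[i + 1];
        if (cnt > nwords - i - 1) return -1;      /* packet runs past the buffer */
        switch (op) {
        case OP_NOP: case OP_DRAW:
            break;                                /* carries no addresses */
        case OP_DMA_COPY:
            if (cnt != 3 || !range_ok(w, p[0], p[2]) || !range_ok(w, p[1], p[2]))
                return -1;                        /* malformed or out of window */
            break;
        default:
            return -1;                            /* unknown opcode: reject */
        }
        i += 1 + cnt;
    }
    return 0;
}

int main(void)
{
    struct client_window w = { 0x1000, 0x1000 };  /* constructed sample window */
    uint32_t ok[]  = { (OP_DMA_COPY << 16) | 3, 0x1000, 0x1800, 0x800 };
    uint32_t bad[] = { (OP_DMA_COPY << 16) | 3, 0x1000, 0x9000, 0x800 };
    printf("ok=%d bad=%d\n", verify_cmdbuf(ok, 4, &w), verify_cmdbuf(bad, 4, &w));
    return 0;
}
```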