Subject: Re: securelevel bypass by entering SMM mode on x86
To: Travis H. <travis@nexus.subspacefield.org>
From: Thor Lancelot Simon <tls@rek.tjls.com>
List: tech-kern
Date: 11/08/2006 20:45:13

On Wed, Nov 08, 2006 at 06:56:04PM -0600, Travis H. wrote:
> Just wanted to see if you've seen this
> (sorry, also posted to port-i386, should have prolly been here):
> 
> http://www.ssi.gouv.fr/fr/sciences/fichiers/lti/cansecwest2006-duflot-paper.pdf

I don't get it.  There are certainly easier ways to overwrite the kernel
if one is given access to a privileged I/O permission level.  It's long
been known that i386_iopl() should be forbidden if the securelevel > 0.

-- 
  Thor Lancelot Simon	                                     tls@rek.tjls.com

  "We cannot usually in social life pursue a single value or a single moral
   aim, untroubled by the need to compromise with others."      - H.L.A. Hart