Subject: Re: wpi0: Full open source driver at openbsd
To: None <>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
List: tech-kern
Date: 10/05/2007 12:51:56
>> This is not a blob in the sense that it could be potentially
>> dangerous since the firmware only runs on the card and nothing of
>> that is run on your computer.

And this makes it, exactly?  Do you never send
anything over your network interfaces or something?  The firmware is
perfectly positioned to meddle with and/or snoop on anything sent or
received over that interface.

> If your network card can access memory (and it _must_ be able to, or
> it would be mostly useless), then it _is_ potentially dangerous.  It
> could probably fairly easily dump anything in RAM over the network to
> some other machine.

Only if the DMA mapping is set up to allow it access to that RAM - or
if your machine is so stupidly designed that a DMA bus master can
access memory it hasn't specifically been set up with access to.  While
there are undoubtedly such systems, I would hope that nothing using a
wpi would be quite that low-end.

I do, however, know that it's not going to be used on *my* systems.  (I
won't use an ath either, because of the lack of source to the HAL.)

/~\ The ASCII				der Mouse
\ / Ribbon Campaign
 X  Against HTML
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B