Subject: Re: wpi0: Full open source driver at openbsd
To: None <tech-kern@NetBSD.org>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
Date: 10/05/2007 12:51:56
>> This is not a blob in the sense that it could be potentially
>> dangerous since the firmware only runs on the card and nothing of
>> that is run on your computer.
And this makes it non-dangerous..how, exactly? Do you never send
anything over your network interfaces or something? The firmware is
perfectly positioned to meddle with and/or snoop on anything sent or
received over that interface.
> If your network card can access memory (and it _must_ be able to, or
> it would be mostly useless), then it _is_ potentially dangerous. It
> could probably fairly easily dump anything in RAM over the network to
> some other machine.
Only if the DMA mapping is set up to allow it access to that RAM - or
if your machine is so stupidly designed that a DMA bus master can
access memory it hasn't specifically been set up with access to. While
there are undoubtedly such systems, I would hope that nothing using a
wpi would be quite that low-end.
I do, however, know that it's not going to be used on *my* systems. (I
won't use an ath either, because of the lack of source to the HAL.)
/~\ The ASCII der Mouse
\ / Ribbon Campaign
X Against HTML firstname.lastname@example.org
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B