Subject: Re: some questions
To: None <port-xen@netbsd.org>
From: Pavel Cahyna <pavel.cahyna@st.mff.cuni.cz>
List: port-xen
Date: 01/07/2006 01:14:49

On Fri, Jan 06, 2006 at 09:22:33PM +0100, Manuel Bouyer wrote:
> On Fri, Jan 06, 2006 at 03:07:42PM -0500, Thor Lancelot Simon wrote:
> > In other words, just as I originally said, if you grant an
> > "unprivileged" domain access to a PCI device that does DMA, you no
> > longer have a domain that is actually unprivileged at all -- a bug in
> > its kernel has precisely the same consequences as a bug in the domain
> > 0 kernel; the "privileged/unprivileged" distinction disappears.
> 
> Yes, of course, I understand that. However a bug in a domU application
> gives you root in that domU; you then have to find a kernel bug to
> get to dom0. It's one more step than direct root in domain0.

Why?

If you have root in a domU, you don't need a kernel bug to use DMA, which
opens the door to dom0.

Pavel Cahyna