Subject: Re: some questions
To: Manuel Bouyer <bouyer@antioche.eu.org>
From: Thor Lancelot Simon <tls@rek.tjls.com>
List: tech-security
Date: 01/07/2006 14:18:12

On Sat, Jan 07, 2006 at 11:54:55AM +0100, Manuel Bouyer wrote:
> On Sat, Jan 07, 2006 at 08:59:38AM +0100, Pavel Cahyna wrote:
> > On Sat, Jan 07, 2006 at 05:44:50AM +0100, Manuel Bouyer wrote:
> > > On Sat, Jan 07, 2006 at 01:14:49AM +0100, Pavel Cahyna wrote:
> > > > Why?
> > > > 
> > > > If you have root in a domU, you don't need a kernel bug to use DMA, which
> > > > opens the door to dom0.
> > > 
> > > How do you get access to the DMA register if you don't take control over
> > > the kernel?
> > 
> > i386_iopl?
> 
> int
> i386_iopl(l, args, retval)
> {
> [...]
> 	if (securelevel > 1)

Securelevel > 1?  That test should be securelevel >= 1.  It's a serious
bug if it's not.

-- 
  Thor Lancelot Simon	                                     tls@rek.tjls.com

  "We cannot usually in social life pursue a single value or a single moral
   aim, untroubled by the need to compromise with others."      - H.L.A. Hart