
Re: [Xen-devel] Is Xen affected by this x86 hardware security hole?



On Tuesday 02 May 2006 08:25, Keir Fraser wrote:
> 
> On 2 May 2006, at 14:10, Mark Williamson wrote:
> 
> > * X running in dom0 can, in principle, subvert any domain you're
> > running, if X itself gets subverted.  A bug in X in dom0 could hang
> > the machine in principle.
> 
> Yes, although you are a little better off on Xen -- for example iopl==3 
> doesn't let you disable interrupts, as it does on native. However, the 
> X server will still have access to most I/O ports and can certainly 
> wreak havoc because of that.
> 
> For this specific problem, it would make sense to ensure that D_LCK is 
> set during boot, so that no one can thereafter modify the SMM memory 
> space. You need to know something about PCI space to do that, though, 
> so it would make sense for us to leave that to domain0.
> 
>   -- Keir

Thanks for the responses.

For those interested in the gory details of a proof-of-concept exploit,
it's all laid out in the 16-page pdf by Loic Duflot:

http://www.ssi.gouv.fr/fr/sciences/fichiers/lti/cansecwest2006-duflot-paper.pdf 

-- 
Lose, v., experience a loss, get rid of, "lose the weight"
Loose, adj., not tight, let go, free, "loose clothing"

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
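
An added example, not part of the original thread and not Xen code: a domain0-side audit of the D_LCK mitigation suggested above, which reads the host bridge's PCI configuration space through Linux sysfs and reports whether the SMRAM control register is locked. The register offset (0x9D), the bit positions, the D_OPEN bit and the 00:00.0 device address are assumptions taken from Intel MCH datasheets of that era and must be checked against the datasheet of the chipset being audited.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumptions to verify against the chipset datasheet: register offset and
 * bit positions as documented for several Intel MCHs of that era. */
#define SMRAMC_OFFSET 0x9D
#define D_OPEN (1u << 6)   /* SMRAM visible outside SMM */
#define D_LCK  (1u << 4)   /* once set, D_OPEN is forced to 0 until reset */

enum smram_state { SMRAM_LOCKED, SMRAM_UNLOCKED, SMRAM_OPEN, SMRAM_UNKNOWN };

/* Classify SMRAM protection from a raw dump of the host bridge config space. */
enum smram_state smram_audit(const uint8_t *cfg, size_t len)
{
    if (len <= SMRAMC_OFFSET)
        return SMRAM_UNKNOWN;               /* short read: non-root gets 64 bytes */
    if ((uint16_t)(cfg[0] | (cfg[1] << 8)) != 0x8086)
        return SMRAM_UNKNOWN;               /* not an Intel bridge: layout differs */
    uint8_t r = cfg[SMRAMC_OFFSET];
    if (r & D_LCK)
        return SMRAM_LOCKED;
    return (r & D_OPEN) ? SMRAM_OPEN : SMRAM_UNLOCKED;
}

int main(void)
{
    static const char *names[] = { "locked", "UNLOCKED", "OPEN", "unknown" };
    uint8_t cfg[256];
    /* Host bridge at 00:00.0; run as root in domain0 (or on native Linux). */
    FILE *f = fopen("/sys/bus/pci/devices/0000:00:00.0/config", "rb");
    if (!f) { perror("open config space"); return 2; }
    size_t n = fread(cfg, 1, sizeof cfg, f);
    fclose(f);
    enum smram_state s = smram_audit(cfg, n);
    printf("SMRAM control: %s\n", names[s]);
    return s == SMRAM_LOCKED ? 0 : 1;       /* non-zero fails a boot-time audit */
}
```

A non-zero exit status means D_LCK was not observed set, so the check can gate a boot-time hardening script.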
