Firewire and similar DMA attacks

Chris Buxton cbuxton at menandmice.com
Tue Mar 11 13:34:07 PDT 2008


I've been reading about the effectiveness of attacks from devices with  
DMA access such as Firewire mass storage devices.
http://www.eweek.com/c/a/Security/Firewire-The-Skeleton-Keyhole-Into-Your-System/?kc=EWKNLSTE031108FEA1

The article states that this affects Mac, Windows, and Linux machines  
with FW ports, because the device that is granted DMA access through  
the FW interface is given read/write access to all memory. It can then  
apparently determine the OS type and start doing things to memory,  
outside of the control of the CPU and therefore of the kernel. This  
includes reading encryption keys, writing to executable memory, etc.  
The very flexibility of Firewire to hook up different machines, with  
different operating systems, and have one see the other as a mass  
storage device appears to be one source of the risk.

Does anything in the hardened toolchain, kernel with grsec, etc.,  
protect against this?

Chris Buxton
Professional Services
Men & Mice



More information about the hlfs-dev mailing list