From: Dave Feustel
Subject: Re: Is Xen affected by this x86 hardware security hole?
Date: Tue, 02 May 2006 09:54:35 -0500
Message-ID: <200605020954.36776.dfeustel@mindspring.com>
References: <200605020902.37624.dfeustel@mindspring.com> <200605021410.22092.mark.williamson@cl.cam.ac.uk>
To: Keir Fraser
Cc: xen-devel@lists.xensource.com, Mark Williamson
List-Id: xen-devel@lists.xenproject.org

On Tuesday 02 May 2006 08:25, Keir Fraser wrote:
>
> On 2 May 2006, at 14:10, Mark Williamson wrote:
>
> > * X running in dom0 can, in principle, subvert any domain you're
> > running, if X itself gets subverted. A bug in X in dom0 could hang
> > the machine in principle.
>
> Yes, although you are a little better off on Xen -- for example iopl==3
> doesn't let you disable interrupts, as it does on native. However, the
> X server will still have access to most I/O ports and can certainly
> wreak havoc because of that.
>
> For this specific problem, it would make sense to ensure that D_LCK is
> set during boot, so that no one can thereafter modify the SMM memory
> space. You need to know something about PCI space to do that, though,
> so it would make sense for us to leave that to domain0.
>
> -- Keir

Thanks for the responses. For those interested in the gory details of a
proof-of-concept exploit, it's all laid out in the 16-page pdf by Loic
Duflot:

http://www.ssi.gouv.fr/fr/sciences/fichiers/lti/cansecwest2006-duflot-paper.pdf

--
Lose, v., experience a loss, get rid of, "lose the weight"
Loose, adj., not tight, let go, free, "loose clothing"
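The mitigation Keir describes (make sure D_LCK is set at boot so SMM memory can no longer be modified) can be audited from dom0. The script below is an added example, not code from the thread or from Xen; it assumes, from Intel host-bridge datasheets rather than from the mail, that the SMRAM control register (SMRAMC) sits at PCI config offset 0x9D of bus 0, device 0, function 0, with D_LCK at bit 4 and D_OPEN at bit 6, and that `setpci` from pciutils is available. Other chipsets place the register elsewhere, so check the datasheet for your host bridge before trusting the result.

```shell
#!/bin/sh
# smramc_check.sh -- report whether SMRAM is locked (D_LCK set).
# Added example; assumptions (Intel host-bridge datasheets, not the mail):
#   SMRAMC is at config offset 0x9D of PCI device 00:00.0,
#   D_LCK = bit 4 (lock), D_OPEN = bit 6 (SMRAM visible outside SMM).

HOST_BRIDGE=00:00.0
SMRAMC_OFFSET=9d

# Read the live SMRAMC byte (needs root); prints two hex digits.
read_smramc() {
    setpci -s "$HOST_BRIDGE" "${SMRAMC_OFFSET}.b"
}

# decode_smramc HEXBYTE: prints "locked", "open" or "unlocked".
# Exit status is 0 only when D_LCK is set, so it can gate a boot check.
decode_smramc() {
    val=$((0x$1))
    d_lck=$(( (val >> 4) & 1 ))
    d_open=$(( (val >> 6) & 1 ))
    if [ "$d_lck" -eq 1 ]; then
        echo "locked"      # SMRAMC is read-only until the next reset
        return 0
    elif [ "$d_open" -eq 1 ]; then
        echo "open"        # SMRAM mapped for non-SMM code and not locked
        return 1
    else
        echo "unlocked"    # closed, but still modifiable: lock it at boot
        return 1
    fi
}

# With no argument decode the live register; with a hex byte argument
# (a constructed value such as "1a") decode that instead, for testing on
# machines that do not have this chipset.
main() {
    if [ -n "$1" ]; then
        decode_smramc "$1"
    else
        decode_smramc "$(read_smramc)"
    fi
}

case "$0" in *smramc_check.sh) main "$@" ;; esac
```

Run it from dom0 as root early in boot; a non-zero exit means the lock Keir recommends is not in place.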