From: Avi Kivity <avi@argo.co.il>
To: Joerg Pommnitz <pommnitz@yahoo.com>
Cc: Linux kernel <linux-kernel@vger.kernel.org>
Subject: Re: Wiretapping Linux?
Date: Wed, 17 May 2006 17:17:38 +0300 [thread overview]
Message-ID: <446B3082.1000200@argo.co.il> (raw)
In-Reply-To: <20060517132503.79272.qmail@web51410.mail.yahoo.com>
Joerg Pommnitz wrote:
> --- Avi Kivity schrieb:
>
>> A pci device can read system RAM and other memory-mapped PCI devices
>> (such as display framebuffers) using DMA. In addition, a pci (but not
>> pci-express) device can snoop on pci bus traffic to other devices.
>> Typically, however, hard drive controllers will be integrated into the
>> chipset so the data is not on the bus.
>>
>
> Thanks for providing this information. This makes the binary firmware
> required for peripherals even more interesting for security conscious
> people.
>
Note that some machines have IOMMUs so it may be possible to prevent a
device from reading main memory, perhaps at a performance cost.
My AMD machine disables the IOMMU on startup.
If you don't trust your hardware there are only two solutions: keep it
off the net or keep it off.
--
error compiling committee.c: too many arguments to function
next prev parent reply other threads:[~2006-05-17 14:17 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-05-17 8:07 Wiretapping Linux? Joerg Pommnitz
2006-05-17 10:24 ` linux-os (Dick Johnson)
2006-05-17 12:02 ` Joerg Pommnitz
2006-05-17 12:16 ` Avi Kivity
2006-05-17 13:25 ` Joerg Pommnitz
2006-05-17 14:17 ` Avi Kivity [this message]
2006-05-17 18:47 ` Jan Engelhardt
-- strict thread matches above, loose matches on Subject: below --
2006-05-16 13:24 Marc Perkel
2006-05-16 13:48 ` Steven Rostedt
2006-05-16 13:56 ` Marc Perkel
2006-05-16 14:40 ` Jakob Oestergaard
2006-05-16 16:14 ` Steven Rostedt
2006-05-16 15:05 ` linux-os (Dick Johnson)
2006-05-16 15:55 ` Lee Revell
2006-05-16 16:12 ` Chase Venters
2006-05-16 20:29 ` Måns Rullgård
2006-05-16 20:47 ` Chase Venters
2006-05-18 11:25 ` Helge Hafting
[not found] ` <Pine.LNX.4.61.0605180741350.4006@chaos.analogic.com>
2006-05-18 12:41 ` Helge Hafting
2006-05-18 15:29 ` Jan Engelhardt
2006-05-16 17:09 ` Ingo Oeser
2006-05-16 17:27 ` Chase Venters
2006-05-17 0:57 ` Peter Chubb
2006-05-16 20:03 ` Willy Tarreau
2006-05-16 21:01 ` Måns Rullgård
2006-05-17 4:21 ` Willy Tarreau
2006-05-17 1:27 ` Valdis.Kletnieks
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=446B3082.1000200@argo.co.il \
--to=avi@argo.co.il \
--cc=linux-kernel@vger.kernel.org \
--cc=pommnitz@yahoo.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox