Re: Reliability of RPC services

[Jesse D. McDonald]

On Wednesday 26 April 2006 19:17, Jonathan S. Shapiro wrote:
> On Wed, 2006-04-26 at 19:05 -0500, Jesse D. McDonald wrote:
> > On Wednesday 26 April 2006 18:07, Christopher Nelson wrote:
> > > This is my point.  The PCI driver may not KNOW about all the legacy
> > > ports.  And why should it need to?  Does it need to know about every
> > > legacy port for every ISA device ever made?
> >
> > This appears to be the primary point of contention for at least one
> > version of this thread, but the resolution is simple. In no case would an
> > untrusted device driver loaded by the user be granted free access to
> > either the PCI bus (or any device thereon, given their DMA capabilities)
> > or the system I/O space.
>
> Good. Then we are done, because this is basically the universal set of
> all devices.

It's actually a fairly limited set of devices. It doesn't include, for 
example, USB or IEEE-1394 devices (even if they happen to be accessed through 
a PCI controller), or (probably) ATA devices (it depends on the ATA 
protocol). In other words, it doesn't include any devices which a user might 
reasonably be expected to connect to a computer without physically taking it 
apart. If you can take the computer apart, then software security isn't 
really an obstacle. The only device unders discussion which wouldn't be 
eligible for an untrusted driver would be the PCI/ISA device you brought up, 
and CardBus devices. In the latter case, since CardBus devices can be bus 
controllers by themselves, you've *already* compromised your security the 
moment such a device is plugged in to an active bus.

pgpW0pWoFWtPQ.pgp
Description: PGP signature