[...]
> Using ioperm() instead of iopl(3) reduces the impact of X's hardware
> privileges _greatly_. Most cards would be 100% safe, and maybe some cards
> need some theoretical and crazy and hardware-specific exploit. (one needs
> to start a busmaster DMA request to overwrite kernel memory... almost
> impossible to get this right as at the privilege level where the exploit
> might run we do not have knowledge about virtual->physical mappings, thus
> there is no reliable way to DMA some exploit code into the kernel ... yes
> the system can crash but that's just a mild D.O.S. attack, not a root
> exploit).
I wouldn't be so sure... the kernel is loaded into physical RAM by lilo (or
whatever), so the physical layout should be more or less constant. And
that's all you'd need. Or am I totally off base here?
-- 
Dr. Horst H. von Brand                       mailto:vonbrand@inf.utfsm.cl
Departamento de Informatica                     Fono: +56 32 654431
Universidad Tecnica Federico Santa Maria             +56 32 654239
Casilla 110-V, Valparaiso, Chile                Fax:  +56 32 797513