Re: 3dfx - a security hazard?

Krzysztof G. Baranowski (kgb@manjak.knm.org.pl)
Fri, 12 Mar 1999 15:33:34 +0100 (EET)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Dietmar Stein: "Kernelupgrade / Re: Too many open files error"
Previous message: Geert Uytterhoeven: "Re: ide_set_handler: timer already active"
In reply to: Alan Cox: "Re: 3dfx - a security hazard?"

On Fri, 12 Mar 1999, Alan Cox wrote:
> It isnt just PCI config space . At least it doesnt appear to be. A
> simple loop dumping /vmlinuz to the mmio space on a 3dfx card appears
> to crash the card, the bus and the PC.
Aaah, okay. I didn't know that.

> If it was just PCI configuration space it would be relatively easy to
> fix - you make PCI config setup root only and provide a "set3dfx" tool
No, it wouldn't. It's worse than you think. It's not just PCI config
setup problem. The doQuery() ioctl is called many times from within
Glide. For example, when running simple 'test3Dfx' program (which
just initializes the board, displays 3Dfx logo and exit), doQuery()
is called 25 times or more.

To make the driver safe, one would have to redesign the whole stuff
or... chg gur Tyvqr vagb gur xreary <very evil grin>.

Kris

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Dietmar Stein: "Kernelupgrade / Re: Too many open files error"
Previous message: Geert Uytterhoeven: "Re: ide_set_handler: timer already active"
In reply to: Alan Cox: "Re: 3dfx - a security hazard?"