Bug#46709: Mach lets processes write to I/O ports

bug-hurd

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Bug#46709: Mach lets processes write to I/O ports

From:	Kalle Olavi Niemitalo
Subject:	Bug#46709: Mach lets processes write to I/O ports
Date:	03 May 2001 11:53:41 +0300

tags 46709 security
severity 46709 critical
quit

Letting processes write to EGA ports isn't that awful (with
today's sync-protected monitors), but if Mach also lets them
write to ports used by IDE or SCSI, then it "introduces a
security hole on systems where you install the package."

No, I didn't really test whether Mach allows that -- I don't know
enough about IDE to do that in a way that won't hurt my data.
However, I think it's very likely.  Please show I'm mistaken.

This would be a local attack, but might not require any UIDs.

[Prev in Thread]

Current Thread

[Next in Thread]

Bug#46709: Mach lets processes write to I/O ports, Kalle Olavi Niemitalo <=
- Processed: Re: Mach lets processes write to I/O ports, Debian Bug Tracking System, 2001/05/03

Prev by Date: Re: [PATCH] tmpfs: now working
Next by Date: Processed: Re: Mach lets processes write to I/O ports
Previous by thread: Re: Interaction of pthreads and cthreads
Next by thread: Processed: Re: Mach lets processes write to I/O ports
Index(es):
- Date
- Thread