[funsec] Pentium Computers Vulnerable to Attack?

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Tue Apr 11 19:52:39 CDT 2006


On Tue, 11 Apr 2006 19:16:06 CDT, Matthew Murphy said:

> of physical memory.  The attack is sophisticated, rare and non-trivial,
> but the idea is that you can gain root privileges and then write to
> /dev/xf86.

Get root, and then use that to get root. What's wrong with this picture? :)

As I said - unless he found a way to do it from user mode, it's not interesting.

Of course, if /dev/xf86 is user-writable, and you use that to scribble on
SMM memory, thus trashing the SMM and getting root - *that*'s an interesting
flaw in the /dev/xf86 implementation...

> SMM is a way to break out of them.  Frankly, if you're running X and MAC
> on the same box, that's a bit of a messed up security posture to me.

Actually, people are working on an SELinux-enhanced X, and I suspect that
proper use of the X Security extension would by itself make it MAC-tolerant.
