Certainly in VMS there is DMA opened up, but only to buffers that are known and checked to be legal for such. This is a source of considerable complexity in the drivers, and depending on hardware architecture (number of control registers available, for example, to control DMA channels) limits both number of concurrent operations and size of some operations. For example, the max size of magtape records is limited, in part to conserve such bandwidth for use with disks. If driver writers adopt a "wild-west" approach where the DMA space is left wide open, obviously the security of anything within memory is totally open to whatever a smart peripheral may do. It should be realized though that fixing this is not necessarily a simple thing, nor are architectural considerations missing. But with the advent of more and more smart "peripherals" (at least some of which are commonly user programmable), open DMA access amounts to peek/poke control over all of memory and the abdication by the OS involved of any pretense of security whatever. As for what can be done by Windows (as opposed to "any OS"), that is perhaps limited by the great range of underlying hardware. A compromise which might allow DMA to/from disks, tapes, or CDs but disallow it for most other peripherals might turn out to be the best general solution available, or something comparably ugly. Glenn Everhart -----Original Message----- From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx [mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxxx]On Behalf Of Larry Seltzer Sent: Thursday, March 06, 2008 3:36 PM To: Tim Cc: Full Disclosure; Bugtraq Subject: Re: [Full-disclosure] Firewire Attack on Windows Vista >>No, the iPod device signature makes Windows drivers think it should allow DMA access for that device because it detect it as a disk device. >>Other disk device signatures would likely work the same way, that's just the one he happened to emulate. Is it not possible for Windows (or any OS) to open up DMA for a device only to a certain range? If not, what options are available? Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blogs.pcmag.com/securitywatch/ Contributing Editor, PC Magazine larry.seltzer@xxxxxxxxxxxxxxxxxxxxxxx _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ----------------------------------------- This transmission may contain information that is privileged, confidential, legally privileged, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. Although this transmission and any attachments are believed to be free of any virus or other defect that might affect any computer system into which it is received and opened, it is the responsibility of the recipient to ensure that it is virus free and no responsibility is accepted by JPMorgan Chase & Co., its subsidiaries and affiliates, as applicable, for any loss or damage arising in any way from its use. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you.
