On Thu, 09 Feb 2012, Russell Coker wrote: > There are devices which use firewire to directly access system RAM. It is > also possible to design a PCI/PCIe card which does bus-mastering on external > control to dump RAM contents. I've seen a live demonstration of the use of
In both cases, an active IOMMU in strict mode should be able to avoid unrestricted access to system RAM. The GPU is another nasty piece that can do a lot of damage, and which you really ought to keep fenced by the IOMMU. -- "One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie." -- The Silicon Valley Tarot Henrique Holschuh -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20120210012709.gb7...@khazad-dum.debian.net
