...on Tue, Mar 14, 2006 at 05:41:44PM -0700, Theo de Raadt wrote: > > > Yes, they have DMA engines. If the privilege seperate X server has a > > > bug, it can still wiggle the IO registers of the card to do DMA to > > > physical addresses, entirely bypassing system security. > > Wow. As if running a binary blob was not bad enough, video card > > binary blobs are suddenly found to be all-powerful. > This issue is not about binary blobs for video cards.
Using GPU shader programs to read from main memory was one of the ways mentioned as a possible attack on the XBox 360 security system in a presentation at 22C3 last year, though limited by the system's memory encryption in that case. (Could well be contained in some binary blob, but that's another issue.) Alex.
