Re: Firewire vulnerability applicable on FreeBSD?

On Sun, 23 Mar 2008 02:03:40 -0400
"Ben Kaduk" <minimarmot@xxxxxxxxx> wrote:

> Hi Jeremie,
>
> On 3/22/08, Jeremie Le Hen <jeremie@xxxxxxxxxx> wrote:
>> Hi there,
>>
>> I've stumbled on this article. I wonder if this is applicable to
>> FreeBSD. Would it still be possible to exploit it without a firewire
>
> ``That's not a bug, it's a feature''.
>
> That is, the firewire spec requires that it has full read/write access to all
> physical memory, in the same way that the PCI bus has full read/write
> access to physical memory.
>
> Thus, with direct access to a firewire port, a malicious person can
> grub around kernel memory and frob whatever they want (yet
> another reason why physical security is important).
>
> Basically, once an attacker has physical access to your machine,
> you've lost; this is just one possible route that such an attacker
> could take.

Indeed. When Adam B. presented this @ RuxCon 06 (Sydney, AU), he said, IIRC,
that he had communicated with MS, but they had (probably rightly) told him it
wasn't really a security hole, as once you had physical access all bets were
The easiest way around this is to simply NOT build firewire into your kernel,
but load it as you need it. It won't prevent all attacks but it will reduce
your exposure (assuming, of course, that you never leave your computer alone,
running or without boot / disk password and bolted into place.... :D ).

It was quite impressive though, to see the guy take over some dude's windog
laptop (from the audience) in 30 seconds. He's always good fun to watch :P

{Beto|Norberto|Numard} Meijome

"I was born not knowing and have had only a little time to change that here and
there." Richard Feynman

I speak for myself, not my employer. Contents may be hot. Slippery when wet.
Reading disclaimers makes you go blind. Writing them is worse. You have been