NDISwrapper dodges another bullet
Posted Mar 6, 2008 6:23 UTC (Thu) by hamjudo
Parent article: NDISwrapper dodges another bullet
Do any PCI interfaces include a mechanism for limiting memory access for a device?
I'd accept a significant performance hit, if I could run the evil drivers in user mode under an emulator like QEMU, with a kernel driver that provided controlled access to the PCI slot, and appropriate memory buffers, but blocked access to any other device, or memory. But that is not enough, unless the network device itself is also prevented from accessing the wrong memory, or other devices.
Most DMA controllers are configured by the driver. If a DMA controller is loaded with a bad address, the device will scribble on the wrong memory. That produces bugs that are incredibly hard to track down and massive security holes. So the hardware has to be limited too, before you can really claim that the interface removes the need for tainting.