| |||||||||||||
Linux autorun vulnerabilities?Linux autorun vulnerabilities?Posted Feb 10, 2011 7:13 UTC (Thu) by Fowl (subscriber, #65667)Parent article: Linux autorun vulnerabilities?
Couldn't an arbitrary USB device just DMA something malicious behind the kernel's back?
Thumbnbail-ers / Indexers / Property Extractors are one of the first bits of code (behind web browsers) that should be sandboxed IMHO.
(Log in to post comments)
Linux autorun vulnerabilities? Posted Feb 10, 2011 9:18 UTC (Thu) by dlang (✭ supporter ✭, #313) [Link]
no, the USB bus does not support DMA (direct memory access), the driver uses it to transfer data from the memory to the server-side hardware, but the devices plugged in cannot initiate or control DMA.
Linux autorun vulnerabilities? Posted Feb 10, 2011 12:43 UTC (Thu) by cesarb (subscriber, #6266) [Link]
Well, an USB device can emulate a keyboard/mouse too. I am sure a creative hacker would be able to use this to do something like opening a terminal and typing a command.
But this requires special hardware. What we are talking about is things that can be used for worm-like behavior, that is, things that can be written to a generic USB mass storage device.
Linux autorun vulnerabilities? Posted Feb 10, 2011 14:07 UTC (Thu) by gidoca (subscriber, #62438) [Link]
Special hardware? What prevents you from doing this as a malware for smartphones?
Linux autorun vulnerabilities? Posted Feb 10, 2011 15:28 UTC (Thu) by cesarb (subscriber, #6266) [Link]
Good catch. Even though I have one on my pocket, I completely forgot that it can be used as the "special hardware" I was thinking of.
|
|||||||||||||