On Tuesday 02 May 2006 08:25, Keir Fraser wrote:
> On 2 May 2006, at 14:10, Mark Williamson wrote:
> > * X running in dom0 can, in principle, subvert any domain you're
> > running, if X itself gets subverted. A bug in X in dom0 could hang
> > the machine in principle.
> Yes, although you are a little better off on Xen -- for example iopl==3
> doesn't let you disable interrupts, as it does on native. However, the
> X server will still have access to most I/O ports and can certainly
> wreak havoc because of that.
> For this specific problem, it would make sense to ensure that D_LCK is
> set during boot, so that no one can thereafter modify the SMM memory
> space. You need to know something about PCI space to do that, though,
> so it would make sense for us to leave that to domain0.
> -- Keir
Thanks for the responses.
For those interested in the gory details of a proof-of-concept exploit,
it's all laid out in the 16-page pdf by Loic Duflot:
Lose, v., experience a loss, get rid of, "lose the weight"
Loose, adj., not tight, let go, free, "loose clothing"
Xen-devel mailing list
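As an added example (not code from this thread, from Xen or from the Duflot paper), here is the dom0-side check that goes with Keir's suggestion: read the chipset's SMRAMC register, decode it, and confirm D_LCK is set so that SMRAM cannot be reopened by anything that runs later, an X server with iopl==3 included. The bit positions follow the common Intel MCH SMRAMC layout; the register's PCI config offset is chipset-specific and is passed in as an assumption (check it against your chipset datasheet before trusting the result).

```python
"""Decode the Intel MCH SMRAMC register and report whether SMRAM is locked.

Added example, not part of the thread. The SMRAMC config-space offset
differs between chipsets and is an assumption here; the bit layout below
is the common one shared by the Intel MCH family.
"""
import sys

# SMRAMC bit positions (common Intel MCH layout); bits 2:0 are C_BASE_SEG.
G_SMRAME = 1 << 3  # compatible SMRAM space enabled
D_LCK = 1 << 4     # lock: D_OPEN, D_CLS and G_SMRAME become read-only until reset
D_CLS = 1 << 5     # close: SMRAM not accessible to code fetches
D_OPEN = 1 << 6    # open: SMRAM visible to non-SMM code (writable from dom0)


def decode_smramc(value: int) -> dict:
    """Split a SMRAMC byte into its named fields."""
    return {
        "c_base_seg": value & 0x7,
        "g_smrame": bool(value & G_SMRAME),
        "d_lck": bool(value & D_LCK),
        "d_cls": bool(value & D_CLS),
        "d_open": bool(value & D_OPEN),
    }


def smram_locked(value: int) -> bool:
    """True only if SMRAM is enabled, closed to normal code and locked."""
    f = decode_smramc(value)
    return f["g_smrame"] and f["d_lck"] and not f["d_open"]


def read_smramc(offset: int, bdf: str = "0000:00:00.0") -> int:
    """Read one byte of PCI config space via sysfs (root needed past 64 bytes)."""
    with open(f"/sys/bus/pci/devices/{bdf}/config", "rb") as fh:
        fh.seek(offset)
        return fh.read(1)[0]


if __name__ == "__main__":
    # Offset is an assumption: consult the datasheet for the host bridge in use.
    offset = int(sys.argv[1], 0) if len(sys.argv) > 1 else 0x9D
    v = read_smramc(offset)
    print(f"SMRAMC=0x{v:02x} fields={decode_smramc(v)} locked={smram_locked(v)}")
```

Run it from dom0 as root with the offset for your chipset; a result of `locked=False` means the boot firmware left SMRAM unlocked and the mitigation Keir describes has not been applied.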