Subject: Re: securelevel bypass by entering SMM mode on x86
To: <>
From: Chapman Flack <nblists@anastigmatix.net>
List: tech-kern
Date: 11/08/2006 21:39:38
Thor Lancelot Simon wrote:
>>http://www.ssi.gouv.fr/fr/sciences/fichiers/lti/cansecwest2006-duflot-paper.pdf
>
> I don't get it. There are certainly easier ways to overwrite the kernel
> if one is given access to a privileged I/O permission level. It's long
> been known that i386_iopl() should be forbidden if the securelevel > 0.
On the other hand, I don't see any reason not to make sure we set
D_LCK somewhere in the boot sequence. Not to do so strikes me as
to leave unfulfilled an assumption implicit in the hardware
design. SMM, once initialized, is clearly meant to be transparent
from every other mode, and D_LCK is the bit that makes it so.
Reading "From the computers we tested, it seems that the D_LCK
bit is never set" made me want to use my Dr. Strangelove voice.
-Chap