Bugtraq mailing list archives

Re: Trusted process on an untrusted machine?


From: pavel () SUSE CZ (Pavel Machek)
Date: Thu, 20 Jan 2000 19:03:39 +0100


Hi!

> > Some of the ways an attacker could bypass this protection:
> >     Solution:  There should be a LOCK pin on most processors that locks the
> >                memory bus. The kernel module can lock the bus and proceed to
> >                zero out all memory not used by the good kernel's page tables.
> > No. You can't assume you know about all memory. (And I think LOCK does
> > not work the way you imagine it.) A rogue second CPU could be hiding in the
> > video RAM of a PCI card, for example.
>
> You shouldn't need to know about all the memory.  Insert a TLB entry to map
> a page of virtual memory to the first page of physical memory.  Zero it out.
> Proceed to zero out every physical page of memory.  Who cares if there is a
> physical page there or not.  You only have 4 GB to go through.  It may trash
> some device detection though.

BTW I forgot about a trivial method to do this: put your rogue code into the
boot PROM of your network card. It is quite easy to do, and you can't
zero ROM :-).

> > Remove the heatsink from the CPU. Watch your "trusted" program do
> > single-bit errors from time to time. Have fun.
>
> Doh, I hadn't thought of that one ;)

This is really the worst of all, since it happens pretty often by
accident. (You know, the average life of a CPU fan is 6 months or so.)

                                                                Pavel

--
The best software in life is free (not shareware)!              Pavel
GCM d? s-: !g p?:+ au- a--@ w+ v- C++@ UL+++ L++ N++ E++ W--- M- Y- R+
