Charles Shannon Hendrix
shannon at widomaker.com
Thu Jan 26 19:48:54 CST 2006
Tue, 24 Jan 2006 @ 20:40 -0500, der Mouse said:
> I was pointing out (or trying to) that if you run a binary-only driver,
> you are "open[ing] up security holes all the way to ring zero"
What I'm talking about is a driver interface in Windows that does this
as part of its basic design. In other words, driver level insecurity on
purpose and billed as a feature.
> - you are handing over the keys to your hardware's most privileged
> mode, allowing whoever wrote that code to do whatever they might
> happen to feel like with your system.
Yes, but that's far less likely, and it doesn't happen through an API
that was deliberately designed to allow it, and it is very unlikely to
happen from a userland software install like it can in Windows.
Aside: mainframe systems addressed things like malicious drivers and
libraries a long time ago. Why is it taking so long to see this in our
shannon "AT" widomaker.com -- ["We are all of us in the gutter, some of us
looking at the stars." -- Oscar Wilde]
More information about the rescue