tags 46709 security
severity 46709 critical
quit
Letting processes write to EGA ports isn't that awful (with
today's sync-protected monitors), but if Mach also lets them
write to ports used by IDE or SCSI, then it "introduces a
security hole on systems where you install the package."
No, I didn't really test whether Mach allows that -- I don't know
enough about IDE to do that in a way that won't hurt my data.
However, I think it's very likely. Please show I'm mistaken.
This would be a local attack, but might not require any UIDs.
_______________________________________________
Bug-hurd mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/bug-hurd
