Theo de Raadt wrote:
> I would say that, as a general principle -- if you can't find this and fix
> it yourself, you probably are unable to evaluate the risk from bypassing
> the kernel and talking direct to the hardware.

I haven't looked beyond libpci, I was giving a heads up, given that the
problem wasn't documented anywhere.

Given the nature of this tool, it's kind of obvious that it can be
dangerous.. unfortunately some vendors no longer release OS-independent
tools for upgrading their firmware.

There are plenty of other ways to trash your system, this is just
another possible way.. but maybe it can still be useful, like those
dangerous X drivers you mentioned.

Seems like the risk has to be evaluated on a case-by-case basis, don't
you agree?

I know of at least one OpenBSD developer wanting to update their BIOS
from OpenBSD.

-Bryan.
