Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Xfree86 video buffering?
From: Stan Bubrouski <stan.bubrouski () gmail com>
Date: Fri, 25 Feb 2005 13:03:51 -0500

Riad S. Wahby wrote:

Stan Bubrouski <stan.bubrouski () gmail com> wrote:
With this solution someone could intentionally crash your machine to
avoid those routines from running.  I'm not trying to put you down or
anything, in fact I probably know less about video related stuff than
most on the list, this just doesn't seem like the best way to do it.
I have no better suggestions, I'll leave this one to the experts.

You've found a valid case where clear-on-shutdown breaks, but your
solution doesn't solve the problem, it exacerbates it!

Umm I didn't offer a solution at all? I clearly said I wasn't wise enough to devise a solution for this... which is why I said I'll leave a solution to the experts...

Let's consider the threat here.

- I'm looking at something sensitive on my screen.
- I shut down my computer.
...some time passes...
- Mallory boots my computer and reads out the buffers from my video
 card, thereby obtaining the sensitive information.

By your proposal, we _intentionally_ leave the data on the video card
until Mallory already has access to the machine, trusting that he'll
be stupid enough to load our clear-on-startup video card drivers before
dumping out the framebuffer.

Can you read? I didn't propose any solution I just poked holes in someone else's???

The alternative, to clear-on-shutdown, is obviously better under
normal circumstances, since sensitive data are never left in the
framebuffer. In an exceptional case such as the computer crashing and
failing to clear the framebuffer, it's true that the data remain on the
card. Note, however, that we're in the same situation post-crash that
we'd _always_ be in under your proposed system.


It's obvious that clear-on-startup is strictly worse than clear-on-
shutdown; implementing the latter will prevent a casual observer from
seeing anything sensitive on the screen at startup, but it doesn't
actually grant you any more security, since the data are still
physically on the card.  Implementing both gives you a slight edge
against a passive attacker in a small range of exceptional cases, so it
might be the right way to do things.

I don't think things are that clear at all. In fact I don't know that ANYONE has actually
fully explained the problem and why it is occurring in the first place.

Has anyone ever noticed this behavior with Windows, say, after a crash?
I'm not saying I have (haven't actually run a Windows machine regularly
in years, so I probably wouldn't remember anyway), I'm just curious.

I've never observed this problem during the 5 years I've used windows 2000. However come to think of it this problem isn't new. I remember back in '99 my old p166 which indeed used the vesa driver did this too. So umm its probably been brought up many times before.

Please read things more carefully before responding. All I did was offer a lame hypothetical situation in
which someone else's solution wouldn't work.

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]