Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-Disclosure] Xfree86 video buffering?

from [Valdis . Kletnieks] Network Security [Permanent Link]
Subject: Re: [Full-Disclosure] Xfree86 video buffering?
Date: Thu, 24 Feb 2005 23:26:36 -0500 
On Thu, 24 Feb 2005 14:35:27 PST, Eric Paynter said:


All kidding aside, this seems to be a real security issue. Your system
shouldn't be showing unauthorized users what you were doing. It should
properly flush the memory.

Does a power off flush it?


I've seen this behavior on a Dell Latitude C840 laptop as well, and it has on
occasion even survived a power cycle of a few seconds.  This was with NVidia's
binary drivers on a GeForce 440Go card (so it isn't the VESA driver doing
this).  Basically, what's happening is that the on-card buffers for texture
memory and save-unders and pixmap storage aren't being cleared.

I don't think this is at all easily solvable - when the X server starts up, the
card is probably in console mode using the VGA emulation, which is pretty
brain-dead and doesn't touch much of the card memory (when you have 32M or 64M
on-card, that 640x480 gets lonely sitting in the corner).  The X server first
has to pop it into the native NVidia/ATI/whatever graphics mode (remember, it
has to do that *before* it can access the video memory - you can't get there
while still in VGA emulation).  Then it can proceed to clear out the on-card
memory.  Unfortunately, if the X server pauses in between setting the mode and
clearing  the memory, you get to see the uninitialized (and therefor left-over)
buffers.  About the best you can do here is fix the server to try to not do any
time-intensive operations between the mode set and the clear.

There's multiple reasons why it can even survive a power cycle.  In my case,
I've only been powering off for a few seconds (stupid laptop doesn't have a MNI
Reset button, which would be quite helpful when doing kernel-level hacking),
and the voltage levels in the RAM hadn't decayed all the way to bit lossage.
It's also quite possible that some video cards are made with static ram rather
than dynamic ram, which greatly increases the chances that the bits will
survive even an extended power-off, and/or the power "off" isn't really all the
way "off" - if the machine supports "suspend to RAM", it may be keeping a very
low trickle of power going to keep the memory from going poof....

Attachment: pgpelmSk6M3ce.pgp
Description: PGP signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Full-Disclosure] [FLSA-2005:2336] Updated kernel packages fix security issues, Marc Deslauriers
Next by Date:  RE: [Full-Disclosure] Xfree86 video buffering?, Allan
Previous by Thread:  Re: [Full-Disclosure] Xfree86 video buffering?, Rodrigo Barbosa
Next by Thread:  RE: [Full-Disclosure] Xfree86 video buffering?, Allan
Indexes:  [Date] [Thread] [Top] [All Lists]