On Wednesday 14 January 2004 10:09 pm, Einstein9112@yahoo.com wrote: > Wesley J Landaker wrote: > > On Wednesday 14 January 2004 8:41 pm, Nano Nano wrote: > >>On Wed, Jan 14, 2004 at 08:38:29PM -0700, Wesley J Landaker wrote: > >>Content-Description: signed data > >>[snip] > >> > >>>The contents of video ram aren't initialized by the hardware. They > >>>just come up in a random state are and just going to be > >>>overwritten--why would the video card both to zero it out? > >> > >>Isn't that a security problem? What if the old contents contained > >>the image of the root password or other sensitive information? > > > > Then it would be there until it got over-written. Just like when > > you type in your root password or any other sensitive information, > > the local computer has it in memory until it gets overwritten. > > > > So, yes, it's important to make sure that unprivileged processes > > can't just randomly read video ram, just like you wouldn't let them > > randomly read memory. =) > > Upon further reflection, this could be a more serious security > problem. Imagine a small trojan/keylogger/worm/etc , that's ~640kb. > There is plenty of room in vid memory in today's cards, and even in > old cards. (My 4.5 year old laptop has 4mb) Even a reboot wouldn't > neccessarily remove it from resident memory, at least not > permenately. Even if the data in the RAM happened to correspond to some sort of malware, I don't see how such a thing would ever get *run*. You don't execute (and generally, don't even read) video ram. =) -- Wesley J. Landaker - wjl@icecavern.net OpenPGP FP: 4135 2A3B 4726 ACC5 9094 0097 F0A9 8A4C 4CD6 E3D2
Attachment:
pgpr1tNXwFCZ6.pgp
Description: signature