
> But there’s another trick a bad BMC can do — it can simply read and write main memory once the machine is booted.

Doesn't ASLR[0] mitigate this?

[0] https://en.wikipedia.org/wiki/Address_space_layout_randomiza...



I don't see how it would. ASLR only really helps make it harder for attackers to gain full control when they manage to execute some instructions in your process via memory corruption. It relies on the memory layout being hard to guess; however, the BMC can already just read from arbitrary memory, so it can just look it up. What would help here is isolating PCIe devices with the IOMMU, but this is currently rarely enabled, only for virtualization, apparently due to its relatively high overhead.
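
An added example, not part of the thread: one way to check on a Linux host whether each PCI device's DMA is actually restricted by the IOMMU, using the standard sysfs `iommu_group` link and the group's `type` file. The fixture directory and the device addresses in it are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify each PCI device by how the IOMMU treats its DMA.
# The sysfs root is a parameter so the check can run on a fixture.

# Print "<pci-address> <state>" per device:
#   restricted = DMA goes through IOMMU translation (or is blocked)
#   identity   = in a group, but passthrough: DMA sees physical memory 1:1
#   none       = no IOMMU group at all: DMA is unrestricted
pci_dma_isolation() {
    root="${1:-/sys}"
    for dev in "$root"/bus/pci/devices/*; do
        [ -e "$dev" ] || continue
        addr=$(basename "$dev")
        if [ ! -e "$dev/iommu_group" ]; then
            echo "$addr none"
            continue
        fi
        dtype=$(cat "$dev/iommu_group/type" 2>/dev/null || echo unknown)
        case "$dtype" in
            DMA|DMA-FQ|blocked) echo "$addr restricted" ;;
            identity)           echo "$addr identity" ;;
            *)                  echo "$addr unknown" ;;
        esac
    done
}

# Number of devices whose DMA can reach arbitrary physical memory.
count_unisolated() {
    pci_dma_isolation "$1" |
        awk '$2 == "identity" || $2 == "none" { n++ } END { print n + 0 }'
}

# Constructed fixture (not real hardware): three devices, two groups.
make_fixture() {
    fx=$(mktemp -d)
    d="$fx/bus/pci/devices"; g="$fx/kernel/iommu_groups"
    mkdir -p "$d/0000:00:1f.0" "$d/0000:03:00.0" "$d/0000:04:00.0" "$g/1" "$g/2"
    echo DMA-FQ > "$g/1/type"
    echo identity > "$g/2/type"
    ln -s "$g/1" "$d/0000:03:00.0/iommu_group"
    ln -s "$g/2" "$d/0000:04:00.0/iommu_group"
    echo "$fx"
}

demo=$(make_fixture)
pci_dma_isolation "$demo"
rm -rf "$demo"
```

On a real host, call `pci_dma_isolation /sys`; a device reported as `identity` has an IOMMU group but is still in passthrough mode, so the group alone does not confine its DMA.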


ASLR is a virtual memory technique; an attack via the BMC would attack physical memory.


As I understand it, no - if you can read from all of main memory, you can just look for the function you need.



