Comment by DyslexicAtheist
6 years ago
> Well, that isn't generally true if the complexity is actually a security boundary.
If the security boundary is baked into the code or the design of the system, and also assuming it doesn't introduce more bugs, then I agree[1]. Security controls that get introduced on top do risk an increase in attack surface. An additional interface is by definition an additional "surface"; the question is if it can be attacked.
[1] You could still argue that more lines of code always means more bugs (but let's assume it's very close to bullet-proof).
If the alternative to adding an additional interface is to just give DMA access to the device, I'm not sure I see the downside to using the additional interface. Even if the interface ends up being completely broken, at the very least there was something to break before you get DMA / RCE access. What possible interface breakage could trump free and unrestricted DMA access?