On Wed, 12 Feb 2003, John Bartoszewski wrote: >I've heard comments from various people that in some drivers for >new cards that there are local security problems. The example >that was brought up was the driver for the Radeon 7000 being >able to write any where in memory and therefor compromise >security.
Heard comments from whom? And what specific security problems? What source code files are these problems in? Or are they just what-if rumors? Seriously, if someone has a claim that one of the drivers is insecure, then they would know the exact area of the driver source that such security problems exist, and one would expect that they would report the problems in a responsible manner to appropriate developers privately to be examined. Anything short of a specific example of a real security problem is nothing more than heresy. >Without actually reading the drivers is there any place where >these security problems are discussed and archived? You assume that there are known security issues which are also not fixed. That is not the case however, but I urge anyone who believes they know of such a security issue to report it privately to [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED] >Is there a good forum to ask if a driver is secure? If a driver wasn't secure, it would be either fixed, or likely disabled and removed. >Have there been audits on drivers directly from Nvidia, Matrox >or ATI? How exactly would someone audit a binary only driver that there is no publically available source code for? I'm not sure a heck of a lot could be done without the source code. You'd have to ask those vendors directly however if they've audited their own source code for security issues. -- Mike A. Harris _______________________________________________ XFree86 mailing list [EMAIL PROTECTED] http://XFree86.Org/mailman/listinfo/xfree86
