On Sat, Feb 15, 2003 at 01:51:57AM +0000, Alan Cox wrote: > On Fri, 2003-02-14 at 23:56, Philip Brown wrote: > > how is "only user joebrown can read and write /dev/dri/card0" any less > > effective when there are multiple users on the box ?? > > As well as the unix permissions DRI is also playing games with > authentication of its own between the server and clients
So the idea is maybe that: Someone could get access to the device, get a "key", "log out", but not fully log out, and keep the key... then the next person logs in, uses DRI, but the first person still has access? I'm not up to speed on the drm kernel access granting methods yet.. would this really work? I'm surprised, if it does . I would think if one user logs out, then the X server gets killed. At which point, I would assume that the drm code would reset all access to the dri device. If not, sounds like someone has some more kernel coding to do ;-) One "obvious" way to handle this, would be for the root server to send the uid of the first DRI-using user-level process as part of the "request a key" sequence to the driver. Then the driver only grants access to root, and that user, until the main root session dies. Then access perms should be reset, and there's no more security problem. ------------------------------------------------------- This SF.NET email is sponsored by: FREE SSL Guide from Thawte are you planning your Web Server Security? Click here to get a FREE Thawte SSL guide and find the answers to all your SSL security issues. http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0026en _______________________________________________ Dri-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/dri-devel
