> Thomas Hellstr�m wrote: >> Hi! >> >> Is it OK to have different permissions for the different functions in a >> DRM IOCTL, requiring the caller to be root on some functions but not >> other? > > You mean by adding additional checks within the body of an ioctl > somewhere, on top of the simple flags where the ioctl is initially > declared? > Exactly.
> I don't see that it is a particular problem to do this. Eg. you could > allow the X server access to some commands in the via_verifier which > aren't available to regular clients. I think that sort of usage would > make a lot of sense. > Yes that is one useful application. The one I was thinking of is currently the VIA_DMA_INIT ioctl where the VIA_INIT_DMA and VIA_CLEANUP_DMA functions needs root-only permissions whereas the VIA_DMA_INITIALIZED function should be accessible by all. A security hole that needs to be plugged ASAP, either by creating a separate IOCTL for the latter function or checking CAP_SYS_ADMIN within the the existing IOCTL. /Thomas > Keith > ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/ -- _______________________________________________ Dri-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/dri-devel
