On Mon, 17 May 1999, Olaf Titz wrote:
> > >svgalib: can't get I/O permissions!
>
> OK, svgalib is supposed to do that by itself, but people like me who
> don't generally trust software to not have bugs prefer using a
> wrapper program. <URL:http://sites.inka.de/~bigred/sw/ioperm.txt>
Yet again, ioperm simply giove the program complete io permission (which
is what svgalib otherwise does with the root priviledge). That means that
the svgalib program gets complete access to any hardware, disk controller
etc. It can circuvent any permission s and whatever. Easily break hardware
by by making (dumb disks) run their heads against the disk case
repeatedlz, frz a dump enohgh montior and so on. The only thing is, with
ioperm, the trojan horse author must program the hardware directly to do
the damage, it cant use the kernelto do these things. This only makes
things a bit more difficult. If you just want to crash a disk, it should
be easy with a few direct i/o calls to an eide disk.
Hence, do not let ioperm lul you in a false sense of security. The concept
of graphixcs under linux and all other Unixens I know good enough to
decide on that is just plain stupid. I dearly hope all this fb and kgi an
dmesa stuff will once result in a sensible solution of this problem. But
it will IMHO need a few more years to be ready for everyone at best.
P.S.
Michael.
> I've given up on svgalib since I got a machine fast enough for X ;-)
which is what most people do. Alas, you now trust your Xserver 150% for
security and X might gbe too slow (ok, at lerast slower than a direct
solotion could be) and it cant' change screen rez on the fly (ok, it can
use different rez (by faking always tyhe same virtual screen size to
applications) but not different color depths.
--
Michael Weller: [EMAIL PROTECTED], [EMAIL PROTECTED],
or even [EMAIL PROTECTED] If you encounter an eowmob account on
any machine in the net, it's very likely it's me.
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to [EMAIL PROTECTED]
