On Mon, 2010-02-22 at 18:59 +0000, Nix wrote:
> On 22 Feb 2010, Adam Jackson verbalised:
>
> > That, and device permissions on /dev/dri/whatever, and that GEM objects
> > are globally visible so you're still trusting that multiple X servers
> > don't intentionally snoop on each other.
>
> Device permissions are fixable with one udev rule / chown / chmod /
> whatever. The 'intentionally snooping X servers' problem only allows
> users to spy on other users (and perhaps bash their 3D state), but
> doesn't allow arbitrary code execution as root unless there are more
> bugs allowing users to instruct the GPU to DMA stuff to arbitrary parts
> of system RAM (in which case we have a security hole even in the absence
> of multiple users).

You're typically not allowed to screen-scrape other users' X sessions. So even though this isn't a root-escalation issue, it's still weaker than what X currently enforces. I'm not saying running X not as uid 0 isn't a worthy goal, just that allowing arbitrary users to touch the drm device is not currently a great idea.

> Input device revocation still seems important though :( a shame there's
> no workaround, even if a hacky one :/ we don't really need generalized
> revoke() for this, do we? Just revoke() on a limited class of devices?

Correct.

- ajax
