List:       freedesktop-xorg
Subject:    Re: X11 still uses /dev/mem ?
From:       Adam Jackson <ajax () nwnk ! net>
Date:       2010-02-22 21:11:20
Message-ID: 1266873080.23312.11485.camel () atropine ! boston ! devel ! redhat ! com

On Mon, 2010-02-22 at 18:59 +0000, Nix wrote:
> On 22 Feb 2010, Adam Jackson verbalised:
> > That, and device permissions on /dev/dri/whatever, and that GEM objects
> > are globally visible so you're still trusting that multiple X servers
> > don't intentionally snoop on each other.
>
> Device permissions are fixable with one udev rule / chown / chmod /
> whatever. The 'intentionally snooping X servers' problem only allows
> users to spy on other users (and perhaps bash their 3D state), but
> doesn't allow arbitrary code execution as root unless there are more
> bugs allowing users to instruct the GPU to DMA stuff to arbitrary parts
> of system RAM (in which case we have a security hole even in the absence
> of multiple users).

You're typically not allowed to screen-scrape other users' X sessions.
So even though this isn't a root-escalation issue, it's still weaker
than what X currently enforces.

I'm not saying running X not as uid 0 isn't a worthy goal, just that
allowing arbitrary users to touch the drm device is not currently a
great idea.

> Input device revocation still seems important though :( a shame there's
> no workaround, even if a hacky one :/ we don't really need generalized
> revoke() for this, do we? Just revoke() on a limited class of devices?

Correct.

- ajax
