Re: The (in)security of Xorg and DRI
- From: Pavel Kankovsky <peak@xxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 27 Dec 2006 00:20:14 +0100 (CET)
On Thu, 14 Dec 2006, Darren Reed wrote:
In recent discussion, the topic of the Xorg server being a huge
security vulnerability because of its DRI model has come up.
The problem being that you have user space code communicating
with chips in the system and being able to control DMA and what
goes which way on the system bus...
Afaik, kernel DRM (*) drivers are supposed (**) not to provide direct
control over unsafe features of the hardware (***).
(*) Direct Rendering Manager.
(**) The "strength of function" is, of course, a different question.
(***) See <http://dri.sourceforge.net/doc/security_low_level.html>
--Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."
- References:
- The (in)security of Xorg and DRI
- From: Darren Reed
- The (in)security of Xorg and DRI
- Prev by Date: Re: LuckyBot v3 Remote File Include
- Next by Date: Re: XSS with Vbulletin (new idea !)
- Previous by thread: Re: The (in)security of Xorg and DRI
- Next by thread: [ GLSA 200612-16 ] Links: Arbitrary Samba command execution
- Index(es):
