[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: The (in)security of Xorg and DRI

To: Darren Reed <avalon@xxxxxxxxxxxxxxxxxxx>
Subject: Re: The (in)security of Xorg and DRI
From: Pavel Kankovsky <peak@xxxxxxxxxxxxxxxxxxxxxx>
Date: Wed, 27 Dec 2006 00:20:14 +0100 (CET)

On Thu, 14 Dec 2006, Darren Reed wrote:

> In recent discussion, the topic of the Xorg server being a huge
> security vulnerability because of its DRI model has come up.
> 
> The problem being that you have user space code communicating
> with chips in the system and being able to control DMA and what
> goes which way on the system bus...

Afaik, kernel DRM (*) drivers are supposed (**) not to provide direct
control over unsafe features of the hardware (***).

(*) Direct Rendering Manager.
(**) The "strength of function" is, of course, a different question.
(***) See <http://dri.sourceforge.net/doc/security_low_level.html>

--Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."

References:
- The (in)security of Xorg and DRI
  - From: Darren Reed

Prev by Date: Re: LuckyBot v3 Remote File Include
Next by Date: Re: XSS with Vbulletin (new idea !)
Previous by thread: Re: The (in)security of Xorg and DRI
Next by thread: [ GLSA 200612-16 ] Links: Arbitrary Samba command execution
Index(es):
- Date
- Thread